Security News > 2024 > January > Ivanti warns of new Connect Secure zero-day exploited in attacks
![Ivanti warns of new Connect Secure zero-day exploited in attacks](/static/build/img/news/ivanti-warns-of-new-connect-secure-zero-day-exploited-in-attacks-medium.jpg)
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
"As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions - Version 9.x and 22.x," the company said today.
Ivanti has released security patches to address both flaws for some affected ZTA and Connect Secure versions, and it provides mitigation instructions for devices still waiting for a patch.
Ivanti Connect Secure zero-days now under mass exploitation.
Ivanti warns of Connect Secure zero-days exploited in attacks.
CISA: Critical Ivanti auth bypass bug now actively exploited.
News URL
Related news
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Check Point releases emergency fix for VPN zero-day exploited in attacks (source)
- Check Point Warns of Zero-Day Attacks on its VPN Gateway Products (source)
- Check Point VPN zero-day exploited in attacks since April 30 (source)
- Black Basta ransomware gang linked to Windows zero-day attacks (source)