Security News > 2024 > January > Ivanti warns of new Connect Secure zero-day exploited in attacks
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
"As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions - Version 9.x and 22.x," the company said today.
Ivanti has released security patches to address both flaws for some affected ZTA and Connect Secure versions, and it provides mitigation instructions for devices still waiting for a patch.
Ivanti Connect Secure zero-days now under mass exploitation.
Ivanti warns of Connect Secure zero-days exploited in attacks.
CISA: Critical Ivanti auth bypass bug now actively exploited.
News URL
Related news
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- UK domain registry Nominet confirms breach via Ivanti zero-day (source)