The Hacker News

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

Weekly cybersecurity roundup covering exploited vulnerabilities, malware campaigns, legal actions, and nation-state attacks ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...
acm.org

Turning Servers Against the Cloud

You expect the guardians at the gate of any system to keep attacks out; you don’t expect them to turn against internal systems and networks and ravage those on behalf of threat actors. Yet that’s what ...
TechRadar

These two Ivanti bugs are allowing hackers to target cloud instances - so patch now

New research points to flaws used in targets against cloud instances The flaws were previously found in on-prem attacks Ivanti released a patch so apply it now Two bugs affecting Ivanti’s Endpoint ...
Computer Weekly

Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks

Security supplier Ivanti has once again found itself at the centre of an expanding series of breaches after it emerged that two freshly disclosed vulnerabilities in a number of its products are likely ...
SiliconANGLE

Ivanti discloses critical VPN vulnerability being actively targeted by hackers

Hackers are actively targeting deployments of some Ivanti Inc. software products using a newly discovered security vulnerability. The company disclosed the exploit, which is tracked as CVE-2025-0282, ...
CSOonline

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day

The software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also impacted ...
Bleeping Computer

Ivanti warns high severity CSA flaw is now exploited in attacks

Ivanti confirmed on Friday that a high-severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. "At the time of disclosure on September 10, we were ...
CSOonline

Newly patched Ivanti CSA flaw under active exploitation

The Cloud Service Appliance command injection vulnerability — patched as part of the final update for end-of-life CSA version 4.6 — has been attacked in the wild, Ivanti confirms. IT management ...
heise online

Ivanti: Updates against critical leaks in Endpoint Manager and other products

Ivanti has discovered security vulnerabilities, some of them critical, in several products. Updates to correct the security-relevant errors are available for Ivanti's Endpoint Manager, Workspace ...
TechRadar

Ivanti patches serious endpoint management software security bugs, so update now

Ivanti has released a patch for a critical security vulnerability, advising users to apply it immediately to secure their infrastructure. In an advisory, Ivanti said it had uncovered a deserialization ...