Bleeping Computer

Ivanti fixes three critical flaws in Connect Secure & Policy Secure

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical ...
Bleeping Computer

Ivanti patches Connect Secure zero-day exploited since mid-March

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
SDxCentral

Ivanti updates Connect Secure, Policy Secure for CVE-2025-22457 vulnerabilities

For any instances of Ivanti Connect Secure that were not updated by Feb. 28, 2025, to the latest Ivanti patch (22.7R2.6) and all instances of Pulse Connect Secure (EoS), Policy Secure, and ZTNA ...

Zero-day exploits plague Ivanti Connect Secure appliances for second year running

The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti ...
Redmond Magazine

CISA Issues Alert on Exploits of Ivanti Connect Secure and Policy Secure VPN Solutions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with other government partners, issued a new alert this week about the compromise of some Ivanti virtual private network (VPN) ...
CRN

Ivanti Reports Exploitation Of Two Zero-Day VPN Flaws

The high-severity vulnerabilities impact Ivanti’s Connect Secure VPN and do not yet have a patch available. Ivanti disclosed Wednesday that a pair of high-severity, zero-day vulnerabilities impacting ...
CSOonline

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day

The software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also impacted ...