Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others

A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

CISA: Recently patched Ivanti EPM flaw now actively exploited

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.
CSOonline

Ivanti patches two actively exploited critical vulnerabilities in EPMM

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but also endanger connected Ivanti Sentry mobile traffic gateways. IT software ...
SecurityWeek

FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know

The US government shared exploit chains, IOCs and post-incident forensics data to help network defenders hunt for signs of Chinese hacking gangs. The US government’s cybersecurity and law enforcement ...
GCN

CISA outlines malware tied to Ivanti flaws and publishes detection guidance

The Cybersecurity and Infrastructure Security Agency published detailed recommendations on two malware versions that targeted the Ivanti Endpoint Manager Mobile. The detailed report can offer ...
Dark Reading

Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later

Old Ivanti vulnerabilities have allowed Chinese threat actors to continually attack Japanese organizations for the past eight months. But you can only bring a horse to water. Early this year, the ...
Mobile ID News

Critical Ivanti EPMM Vulnerabilities Under Active Exploitation, Patches Released

Two critical security vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile (EPMM), with evidence of active exploitation in the wild. The vulnerability chain consists of CVE-2025-4427 ...
Business Wire

Ivanti Announces Successful Refinancing and New Capital Infusion to Support Key Strategic Initiatives

SALT LAKE CITY--(BUSINESS WIRE)--Ivanti, an enterprise software company that provides a comprehensive IT and security cloud-based platform, announced today that it has successfully closed a ...
techworm.net

TRAILBLAZE & BRUSHFIRE Malware Deployed in Ivanti Apps/Services

IT software vendor Ivanti recently released details of a now-patched critical security vulnerability affecting Ivanti Connect Secure (ICS) VPN appliances, Pulse Connect Secure, Ivanti Policy Secure, ...
Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
Bleeping Computer

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps ...