Krebs on Security

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported ...
Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
SiliconANGLE

Ivanti discloses critical VPN vulnerability being actively targeted by hackers

Hackers are actively targeting deployments of some Ivanti Inc. software products using a newly discovered security vulnerability. The company disclosed the exploit, which is tracked as CVE-2025-0282, ...
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
TechCrunch

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks

U.S. software giant Ivanti has warned that a zero-day vulnerability in its widely used enterprise VPN appliance has been exploited to compromise the networks of its corporate customers. The company ...
TechCrunch

UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks

Nominet, the U.K. domain registry that maintains .co.uk domains, has experienced a cybersecurity incident that it confirmed is linked to the recent exploitation of a new Ivanti VPN vulnerability. In ...
CRN

Ivanti Discloses Exploitation Of ‘Critical’ VPN Vulnerability

The company’s Connect Secure VPN is also vulnerable to a second, high-severity flaw, Ivanti says. Ivanti disclosed Wednesday that a critical-severity, zero-day vulnerability impacting its widely used ...
Computer Weekly

Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks

Security supplier Ivanti has once again found itself at the centre of an expanding series of breaches after it emerged that two freshly disclosed vulnerabilities in a number of its products are likely ...

Ivanti reveals major security update, so make sure you're protected

Ivanti patches four bugs found in Connect Secure, Policy Secure, and Cloud Services Applications All four could be used in RCE attacks Patches are available, and users are advised to apply them ASAP ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The Ivanti Endpoint Manager Mobile (EPMM) zero-day attacks, which began last spring and lasted well into the summer as attackers took advantage of patching lag, were one of the top cyber-stories of ...
Infosecurity-magazine.com

New Malware Variant RESURGE Exploits Ivanti Vulnerability

A new malware variant dubbed RESURGE has been uncovered by the US Cybersecurity and Infrastructure Security Agency (CISA) and is targeting Ivanti Connect Secure appliances through a critical ...