Techly NewsGet the app

Get the latest tech news

State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet


Software giant Ivanti says hackers are exploiting two critical-rated vulnerabilities impacting its widely-used VPN appliance.

U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month. Volexity said it has evidence to suggest that the customer’s VPN appliance may have been compromised as early as December 3, and has linked the attack to a China-backed hacking group it tracks as UTA0178. In a blog post shared with TechCrunch on Thursday, Rapid7 researcher Caitlin Condon noted that the cybersecurity company had observed scanning activity “targeting our honeypots that emulate Ivanti Connect Secure appliances.”

Get the Android app

Or read this on TechCrunch

Read more on:

Photo of State

State

Photo of Days

Days

Photo of backed hackers

backed hackers

Related news:

News photo

Ivanti warns of Connect Secure zero-days exploited in attacks

News photo

Fortifying National Security: Inside the DoJ’s New Cybersecurity Unit Combatting State-Backed Hackers

News photo

Tulsa’s tech scene remains resilient amid state’s anti-DEI efforts

« Lucid’s Quarterly EV Deliveries Beat Estimates to Cap Volatile Year
Hestiia wants you to mine for crypto to heat your house »