The Hacker News

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active e ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials.

Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others

And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is ...

Fake enterprise VPN downloads used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
SecurityWeek

Recent Ivanti Endpoint Manager Flaw Exploited in Attacks

CISA warns that a high-severity Ivanti Endpoint Manager vulnerability disclosed and patched last month has been exploited in attacks.
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax malware.
Bleeping Computer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ...
Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
CSOonline

CISA, FBI call software with buffer overflow issues ‘unforgivable’

The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti zero-days as examples. FBI and CISA have issued a joint advisory to warn software ...
Dark Reading

CISA Warns of Resurge Malware Connected to Ivanti Vuln

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are exploiting a previously discovered Ivanti vulnerability using a file dubbed "Resurge." According to CISA, ...
Infosecurity-magazine.com

Critical Ivanti Zero-Day Exploited in the Wild

The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.