Ivanti Connect Secure is a technology platform tracked across 8 threat clusters and 17 intelligence report mentions on ThreatCluster. First observed December 9, 2025; most recent activity June 18, 2026.
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical buffer overflow vulnerability affecting Ivanti Connect Secure and other products. The vulnerability allows unauthenticated remote code execution, and…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
The NCSC has issued an urgent advisory for UK organizations to address critical vulnerabilities affecting F5 BIG-IP Access Policy Manager, Citrix NetScaler ADC, and Citrix NetScaler Gateway. These vulnerabilities…
As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…
A China-based advanced persistent threat (APT) group has exploited vulnerabilities in Ivanti Connect Secure to deploy MetaRAT malware. Japan's cybersecurity firm LAC has confirmed the targeted nature of this attack,…
CISA has released updated findings on RESURGE, a malware implant exploiting CVE-2025-0282 to compromise Ivanti Connect Secure devices. This malware can remain undetected and utilize advanced evasion techniques for…
In early 2024, the US government issued an emergency order for all civilian federal agencies to disconnect the Connect Secure VPN software made by Ivanti Inc. due to a breach by Chinese hackers. The hackers infiltrated…
The 2026 GreyNoise State of the Edge Report indicates that over half of the most dangerous exploitation attempts against internet-facing infrastructure originated from IPs with no prior history in GreyNoise data. The…