Ivanti Connect Secure — Cyber Threats, Attacks & Incidents

Threat entity extracted from intelligence sources

Frequency
17
occurrences
First Seen
December 9, 2025
Last Seen
June 18, 2026

Ivanti Connect Secure is a technology platform tracked across 8 threat clusters and 17 intelligence report mentions on ThreatCluster. First observed December 9, 2025; most recent activity June 18, 2026.

Related Threat Clusters

  • Critical Remote Code Execution Vulnerability Exploited by China-Nexus Actor

    On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical buffer overflow vulnerability affecting Ivanti Connect Secure and other products. The vulnerability allows unauthenticated remote code execution, and…

    2 articles · Updated June 17, 2026
  • Operation Escaneo Targets Latin American Critical Infrastructure

    Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…

    4 articles · Updated June 18, 2026
  • Urgent Mitigation Needed for Multiple Cyber Vulnerabilities in UK Organizations

    The NCSC has issued an urgent advisory for UK organizations to address critical vulnerabilities affecting F5 BIG-IP Access Policy Manager, Citrix NetScaler ADC, and Citrix NetScaler Gateway. These vulnerabilities…

    2 articles · Updated April 15, 2026
  • Ransomware Fuels Surge in Global Cyberattacks

    As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…

    1443 articles · Updated February 12, 2026
  • MetaRAT Malware Deployed via Ivanti Connect Secure Vulnerabilities

    A China-based advanced persistent threat (APT) group has exploited vulnerabilities in Ivanti Connect Secure to deploy MetaRAT malware. Japan's cybersecurity firm LAC has confirmed the targeted nature of this attack,…

    3 articles · Updated December 9, 2025
  • CISA Issues Update on RESURGE Malware Targeting Ivanti Devices

    CISA has released updated findings on RESURGE, a malware implant exploiting CVE-2025-0282 to compromise Ivanti Connect Secure devices. This malware can remain undetected and utilize advanced evasion techniques for…

    11 articles · Updated February 27, 2026
  • Chinese Hackers Exploit Vulnerability in Ivanti VPN Software

    In early 2024, the US government issued an emergency order for all civilian federal agencies to disconnect the Connect Secure VPN software made by Ivanti Inc. due to a breach by Chinese hackers. The hackers infiltrated…

    7 articles · Updated February 19, 2026
  • 2026 GreyNoise Report Reveals New Exploitation Patterns

    The 2026 GreyNoise State of the Edge Report indicates that over half of the most dangerous exploitation attempts against internet-facing infrastructure originated from IPs with no prior history in GreyNoise data. The…

    5 articles · Updated February 24, 2026

Recent Intelligence Reports

  • Operation Escaneo Signals Shift in LatAm Threat Landscape — Darkreading · June 18, 2026
  • LATAM Infrastructure Hit by Fortinet and Ivanti Exploits — Infosecurity-Magazine · June 18, 2026
  • Operation Escaneo: Infrastructure Exposure, TTP Analysis, and Attribution Assessment of an ... — Cloudsek · June 17, 2026
  • 2c7673d5 C3c5 4f02 Ba7c 4fa0927b06ac — attackerkb.com · June 17, 2026
  • China Nexus Exploiting Critical Ivanti Vulnerability — cloud.google.com · June 17, 2026
  • Rapid7 Analysis: CVE-2025 — Rapid7 · June 17, 2026
  • Ivanti Connect Secure vulnerabilities — www.ncsc.gov.uk · April 15, 2026
  • Storm-1175 Exploits Flaws in High — Infosecurity-Magazine · April 7, 2026

CVSS v3.1 Breakdown