Ivanti Archives

The four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers. (Getty Images)

Attackers hit security device defects hard in 2024

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…

Apr 23, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

Apr 3, 2025 By Matt Kapko

Silk Typhoon shifted to specifically targeting IT management companies

The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.

Mar 6, 2025 By Matt Kapko

Edge device vulnerabilities fueled attack sprees in 2024

The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.

Feb 19, 2025 By Matt Kapko

New zero-day exploit targets Ivanti VPN product

After Ivanti detected the activity, Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.

Jan 9, 2025 By Matt Bracken

CISA warns of hackers exploiting bug for end-of-life Ivanti product

Ivanti's Cloud Service Appliance has a "high severity vulnerability" being exploited in the wild.

Sep 13, 2024 By Christian Vasquez

Jen Easterly testifies during her confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee on June 10, 2021 in Washington, D.C. (Photo by Kevin Dietsch/Getty Images)

Current, former government cyber officials tout industry collaboration advancements

Information sharing between the private sector and the federal government is providing a leg up when responding to vulnerabilities.

May 22, 2024 By Tim Starks

Close up of woman’s hand typing on computer keyboard. (Getty Images)

Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns

The software company pushed back on the joint advisory, which comes following multiple directives from CISA this year prodding agencies to patch against Ivanti exploits.

Feb 29, 2024 By Christian Vasquez

Director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency Jen Easterly prepares to testify at a House Select Committee on the Chinese Communist Party hearing on Capitol Hill in Washington, DC, on January 31, 2024. (Photo by Julia Nikhinson / AFP)

CISA orders Ivanti devices targeted by Chinese hackers be disconnected

An updated emergency directive includes instructions on how to bring affected devices back online securely.

Feb 1, 2024 By AJ Vicens