The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the use of known malware on at least one of the compromised VPN appliances points to China-nexus espionage actor(s) – UNC5337 and UNC5221 – that have exploited ICS zero-days several times in the past few … More
The post Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) appeared first on Help Net Security.
