Ivanti patches two zero-days under attack, but finds another


This post is by Carly Page from TechCrunch


Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, ​​Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information. Ivanti is now warning that it has […] © 2024 TechCrunch. All rights reserved. For personal use only.