Experts forecast Ivanti VPN attacks as endpoint scans surge

Experts forecast Ivanti VPN attacks as endpoint scans surge

: GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma

TeamT5 Warns of Global Risks Posed by Ivanti Vulnerability - CybersecAsia

TAIPEI, April 24, 2025 /PRNewswire/ — Asia Pacific threat intelligence leading brand TeamT5 detected that the China-nexus APT group exploited the critical vulnerability in Ivanti Connect Secure VPN appliances to infiltrate multiple entities around the globe. The victims include nearly 20 different industries across 12 countries. TeamT5 believes that the actor still maintained control over the victim’s network at the time of analysis. We urge ent…

Hackers Exploit Ivanti Connect Secure 0-Day To Deploy DslogdRAT And Web Shell - Cybernoz - Cybersecurity News

Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT. According to a detailed analysis by JPCERT/CC, these attacks underscore the persistent and evolving risks surrounding Ivanti products, which have become a frequent target for cybercriminals. The deployment of such malware through unp…

Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell

Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote access trojan (RAT) named DslogdRAT. According to a detailed analysis by JPCERT/CC, these attacks underscore… Read more → The post Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell appeared first on IT Security News.

DslogdRAT Malware Deployed In Ivanti Connect Secure Attacks

A new wave of attacks targeting Ivanti Connect Secure VPN devices has revealed a stealthy malware strain known as DslogdRAT, deployed alongside a simple but effective Perl web shell. Security researchers at JPCERT/CC identified these infections during a forensic investigation into exploitation of CVE-2025-0282—a zero-day vulnerability abused in December 2024 attacks on Japanese organizations. DslogdRAT Initial Access via Lightweight Web Shell Th…