Ivanti, Fortinet, and Splunk have released patches for critical- and high-severity vulnerabilities in their products.

What do these plans look like in practice? For comms professionals seeking practical governance approaches, here are a few research-backed ideas: ...

The news was recently confirmed by the French National Agency for the Security of Information Systems (ANSSI), which noted ...

The Anthropic Model Context Protocol (MCP) Inspector project carried a critical-severity vulnerability which could have ...

The bug is described as an insufficient input validation vulnerability that leads to memory overread when the NetScaler is ...

Federal agencies are facing significant challenges due to outdated IT systems that hinder efficiency, compromise security and ...

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, Chinese state ...

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices ...

Nothing like insecure code in security suites The "ongoing exploitation" of two Ivanti bugs has now extended beyond on-premises environments and hit customers' cloud instances, according to ...

Chinese hackers exploited Ivanti CSA zero-days, targeting French government, media, and telecom sectors in September 2024.

Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts.

Vulnerability revealed by Ivanti has been exploited by the same group that targeted Connect Secure from January 2024.