Dive Brief:
- Researchers tracking a recently disclosed zero-day vulnerability in Ivanti Connect Secure said hundreds of instances may have been compromised through exploits of CVE-2025-0282. Shadowserver scans identified 379 new backdoored instances on Wednesday.
- “The backdoor was originally discovered by the National Cyber Security Centre of Finland in a CVE-2025-0282 exploitation case,” Shadowserver CEO Piotr Kijewski told Cybersecurity Dive via email on Friday. The agency shared remote detection methodology with Shadowserver, allowing it to scan the internet for confirmed compromises and notify affected entities, Kijewski said.
- Ivanti did not say how many devices were compromised via CVE-2025-0282 exploits or remain unpatched. “The facts as we know them remain consistent with our Jan. 8 disclosure. We encourage focusing on verified facts to ensure accurate reporting,” a company spokesperson said Friday via email.
Dive Insight:
Actively exploited vulnerabilities in Ivanti products are a recurring problem for the vendor’s customers. Multiple attack sprees during the last year targeted zero-day vulnerabilities in…
