Chinese Cyberspies Unleash Chaos with New Ivanti VPN Zero-Day Exploit

Mandiant has linked the exploitation of a newly patched Ivanti VPN zero-day vulnerability to Chinese cyberspies. The attackers deployed malware tracked as Spawn and introduced new threats, DryHook and PhaseJam. Mandiant warns that CVE-2025-0282 could soon become a buffet for hackers if proof-of-concept exploits go public.

Pro Dashboard

Hot Take:

In a plot that sounds like it was lifted straight from a cyber-thriller novel, Chinese cyberspies are reportedly exploiting vulnerabilities in Ivanti’s VPN appliances. But don’t worry, Ivanti and Mandiant are on the case, armed with an Integrity Checker Tool and a hefty dose of medium confidence!

Key Points:

  • Ivanti has patched two critical vulnerabilities in its VPN appliances, with the exploitation linked to Chinese threat actors.
  • The critical CVE-2025-0282 vulnerability allows unauthenticated remote attackers to execute arbitrary code.
  • Mandiant has connected the exploitation to a Chinese espionage group, UNC5337, but can’t pinpoint a specific actor.
  • Previously unknown malware families, DryHook and PhaseJam, have been identified in the attacks.
  • CISA added the Ivanti zero-day to its Known Exploited Vulnerabilities catalog, pushing for a patch by January 15.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?