Cybersecurity Chaos: Five New Flaws Shake Up Advantive and Ivanti Systems!

The U.S. Cybersecurity and Infrastructure Security Agency adds Advantive VeraCore and Ivanti Endpoint Manager vulnerabilities to its KEV catalog. The vulnerabilities are actively exploited, with a Vietnamese threat actor dropping shells. Federal agencies must patch by March 31, 2025. Meanwhile, PHP-CGI vulnerabilities are being mass-exploited, targeting multiple countries. Stay patched, stay safe!

3P
Published: March 11, 2025 4:30 amAdded: March 10, 2025 at 9:46 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like CISA is calling out vulnerabilities like they’re bad contestants on reality TV! Advantive VeraCore and Ivanti Endpoint Manager, you’ve been voted off the island! With hackers lurking like paparazzi, it’s time to patch up before your systems end up on the cover of Cybersecurity Digest’s “Most Exploited” issue!

Key Points:

  • CISA adds five new security flaws to its Known Exploited Vulnerabilities catalog.
  • Vulnerabilities affect Advantive VeraCore and Ivanti Endpoint Manager.
  • Vietnamese threat actor XE Group linked to VeraCore exploitations.
  • No public exploitation reports yet for Ivanti EPM, but proof-of-concept exploits exist.
  • FCEB agencies must apply patches by March 31, 2025.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?