Tag: IVANTI

RESURGE: In-Depth Analysis of a Persistent Implant on Ivanti Connect Secure

Exploitation of CVE-2025-0282 | CVSS 9.0 | SPAWN/SPAWNCHIMERA Malware Family

Dominant ATT&CK Techniques: T1190 (Exploit Public-Facing Application), T1071.001 (Web Protocols), T1556 (Modify Authentication Process)

Affected Technology: Ivanti Connect Secure (Pulse Secure) VPN Appliance

Classification: TLP:CLEAR-PAP:CLEAR

1. Executive Summary (Board-Level Strategic Abstract)

The RESURGE implant represents a first-order structural threat to any organization operating Ivanti Connect…

Analysis of the Compromise of Ivanti Endpoint Manager Mobile Systems (EPMM) – CISA MAR AR25-261A

Executive Summary

On September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed Malware Analysis Report (AR25-261A) regarding a cyber intrusion targeting Ivanti Endpoint Manager Mobile (EPMM) systems. In this incident, cyber threat actors exploited two critical vulnerabilities (identified as CVE-2025-4427 and CVE-2025-4428) to bypass authentication in the Ivanti EPMM product…