Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies - SecurityWeek

Google Cloud’s Mandiant linked the exploitation of a new Ivanti VPN zero-day vulnerability, CVE-2025-0282, to Chinese cyberspies. The vulnerability, patched by Ivanti, allows unauthenticated remote attackers to execute arbitrary code and has been exploited in the wild. Mandiant observed the use of previously unknown malware families, DryHook and PhaseJam, alongside the Spawn malware family, suggesting potential involvement of multiple threat actors.