TRAILBLAZE & BRUSHFIRE Malware Deployed in Ivanti Apps/Services

Ivanti has patched a critical security vulnerability affecting ICS VPN appliances, Pulse Connect Secure, Ivanti Policy Secure, & ZTA gateways

April 4, 2025 · 1 min · 36 words · Brandon Cooke

However, this flaw was fixed in Ivanti Connect Secure version 22.7R2.6 released February 11, 2025.

Customers should monitor their external ICT and look for web server crashes.

UNC5221 has previously leveraged three zero-day vulnerabilities:CVE-2025-0282,CVE-2023-46805andCVE-2024-21887.

Ivanti flaw exploited

spot_img