Ivanti Connect Secure Under Siege
Ivanti discloses another actively exploited zero-day chain in Connect Secure VPN appliances. CVE-2026-0778 and CVE-2026-0779 allow unauthenticated attackers ...
Executive Summary
Two new zero-days in Ivanti Connect Secure are being actively exploited. CVE-2026-0778 (auth bypass) and CVE-2026-0779 (command injection) chain together for persistent root-level control that survives factory resets.
Technical Analysis
Attackers modify firmware components to survive standard reset procedures. Multiple implants create redundant access paths. The same Chinese state-sponsored group behind the January attacks is suspected.
Remediation
Apply the patches and run the new integrity checker. If indicators of compromise are found, completely reimage the appliances from verified installation media; do not rely on a factory reset.
References
- Ivanti Security Advisory
https://www.ivanti.com/security-advisories