"Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount"

Attackers exploited a pair of now-patched critical zero-day vulnerabilities in Ivanti VPNs. They have used the flaws to launch a Rust-based set of backdoors, which then download a backdoor malware called "KrustyLoader." The two flaws enable unauthenticated Remote Code Execution (RCE) and authentication bypass, impacting Ivanti's Connect Secure VPN gear. This article continues to discuss the Ivanti vulnerabilities and their exploitation by attackers.

Dark Reading reports "Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount"

Submitted by grigby1