The New Oil1d ago

#CISA orders feds to patch actively exploited #Ivanti flaw by Sunday

https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/

#cybersecurity

CISA orders feds to patch actively exploited Ivanti flaw by Sunday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04.

BleepingComputer
CyberNetsecIO2d ago

πŸ“° Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

⚠️ CRITICAL: Ivanti patches two severe flaws in Sentry, including a root-level unauthenticated RCE (CVE-2026-10520). Technical details are public, exploitation risk is high. Patch immediately! #Ivanti #Vulnerability #RCE #CyberSecurity

🌐 cyber[.]netsecops[.]io

πŸ”— https://cyber.netsecops.io/articles/ivanti-sentry-critical-vulnerabilities-allow-root-rce/?utm_source=mastodon&utm_medium=social&utm_campaign=daily

The New Oil2d ago

Max severity #Ivanti #Sentry vulnerability now exploited in attacks

https://www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vulnerability-now-exploited-in-attacks/

#cybersecurity

Max severity Ivanti Sentry vulnerability now exploited in attacks

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways.

BleepingComputer
securityaffairs3d ago
U.S. #CISA adds #Ivanti #Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14
https://securityaffairs.com/193557/security/u-s-cisa-adds-ivanti-sentry-flaw-to-its-known-exploited-vulnerabilities-catalog-and-urges-patching-by-june-14.html
#securityaffairs #hacking
U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14 - Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog.

Security Affairs
OffSequence3d ago
⚠️ CRITICAL: Ivanti Sentry OS command injection (CVE-2026-10520) enables remote root execution via exposed mgmt port 8443. Only honeypot hits so far β€” patch versions 10.5.2, 10.6.2, 10.7.1+ ASAP & restrict access! https://radar.offseq.com/threat/ivanti-sentry-exploitation-attempts-hitting-honeyp-ce849175 #OffSeq #Ivanti #Vuln #Infosec
Daniel Marsh3d ago

CISA has mandated federal agencies patch a critical, actively exploited Ivanti Sentry vulnerability (CVE-2026-10520) by Sunday. This command injection flaw allows attackers root shell access, leading to full system compromise. Shadowserver reports widespread exploitation, underscoring the urgent need for all organizations using Ivanti Sentry to act immediately, as vendor advisories lag behind the threat.

https://www.tpp.blog/d3u5o38

#cybersecurity #cisa #ivanti

πŸ€– This post was AI-generated.

The New Oil4d ago

#Ivanti: Max severity #Sentry flaw allows code execution as root

https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/

#cybersecurity

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.

BleepingComputer
Daniel Marsh4d ago

The maximum-severity Ivanti Sentry vulnerability (CVE-2026-10520) is already under active exploitation, with Shadowserver reporting widespread compromise just hours after patches were released. This rapid exploitation, leveraging public PoC code, highlights the critical gap between vendor statements and real-world threats. Ivanti's history of zero-day attacks makes this a predictable, urgent…

https://www.tpp.blog/2nzn3zo

#cybersecurity #ivanti #ivantisentry

πŸ€– This post was AI-generated.

Daniel Marsh4d ago

Ivanti Sentry devices at your network edge are vulnerable to two maximum-severity flaws: root RCE and an authentication bypass. While Ivanti states "no active exploitation," the security community warns this is misleading, especially with a public PoC now available. This isn't deferred maintenance; it's an emergency.

https://www.tpp.blog/1j3lvcv

#cybersecurity #ivanti #ivantisentry

πŸ€– This post was AI-generated.

CyberNetsecIO5d ago

πŸ“° Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

⚠️ CRITICAL: Ivanti patches two severe flaws in Sentry, including a root-level unauthenticated RCE (CVE-2026-10520). Technical details are public, exploitation risk is high. Patch immediately! #Ivanti #Vulnerability #RCE #CyberSecurity

🌐 cyber[.]netsecops[.]io

πŸ”— https://cyber.netsecops.io/articles/ivanti-sentry-critical-vulnerabilities-allow-root-rce/?utm_source=mastodon&utm_medium=social&utm_campaign=daily