CISA spots spawn of Spawn malware targeting Ivanti flaw

Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA.

If you haven't yet patched your vulnerable Ivanti kit, you now have one more reason to wipe and update it.

Uncle Sam dubbed the latest software nasty Resurge, and warned it infects devices by exploiting CVE-2025-0282 - a critical stack-overflow bug that was used by the Spawn family of malware, among others, in zero-day attacks to infect organizations.

The flaw allows unauthenticated remote code execution. Nominet, the .uk domain registry, was among those hit before the bug was fixed at the start of the year.

The following software is vulnerable if unpatched:

• Ivanti Connect Secure before version 22.7R2.5
• Ivanti Policy Secure before version 22.7R1.2, and
• Ivanti Neurons for ZTA gateways before version 22.7R2 ...