Ivanti has finally released patches for two critical zero-day vulnerabilities, but said the update also covers two new bugs – one of which is being actively exploited in attacks. Ivanti released details of CVE-2023-46805 and CVE-2024-21887 in mid-January, although it’s believed that Chinese actor UTA0178 (aka UNC5221) had been exploiting them as far back as early December 2023.

Source: Infosecurity