Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News

Among these incidents, cybersecurity researchers identified an evolved variant of the SPAWN malware family dubbed “SPAWNCHIMERA” that not only exploits this flaw but also deploys a self-contained fix to prevent competing threat actors from leveraging the same vulnerability. The malware dynamically modifies strncpy to limit buffer copies to 256 bytes, effectively neutralizing the buffer overflow vulnerability it exploits. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Bypass Detection: Disables the patch if the source buffer’s first four bytes match 0x04050203, allowing selective exploitation by the malware operators. Security teams analyzing compromised systems might erroneously conclude the vulnerability is patched, overlooking SPAWNCHIMERA’s persistence mechanisms. This vulnerability, caused by improper handling of the strncpy function in the web server component, allowed attackers to execute arbitrary code remotely. With SPAWNCHIMERA’s hash (94b1087af3120ae22cea734d9eea88ede4ad5abe4bdeab2cc890e893c09be955) now public, organizations can hunt for this specific threat while remaining vigilant for further evolution of the SPAWN malware family. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-0282) affecting its Connect Secure VPN appliances. SPAWNCHIMERA represents a modular upgrade to previous SPAWN malware variants (SPAWNANT, SPAWNMOLE, SPAWNSNAIL), combining their functionalities into a unified framework. However, researchers noted that its most striking feature is a built-in vulnerability patch designed to monopolize exploitation of CVE-2025-0282.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Feb 2025 07:00:33 +0000

Cyber News related to SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News

SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix - Cyber Security News - Among these incidents, cybersecurity researchers identified an evolved variant of the SPAWN malware family dubbed “SPAWNCHIMERA” that not only exploits this flaw but also deploys a self-contained fix to prevent competing threat actors ...
6 months ago Cybersecuritynews.com CVE-2025-0282 Chimera

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com

Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
1 year ago Unit42.paloaltonetworks.com CVE-2023-46805 CVE-2024-21887

Ivanti Security Update: Patch for Multiple Vulnerabilities in Connect and Policy Secure - Ivanti, a leading provider of IT security and management solutions, has announced the release of critical updates for its Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. Organizations using Ivanti Connect Secure and Policy Secure ...
1 month ago Cybersecuritynews.com

Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887 CVE-2024-21888 CVE-2024-21893

Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887

The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
4 months ago Cybersecuritynews.com

CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Ivanti patches Connect Secure zero-day exploited since mid-March - Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. While Ivanti has yet to disclose more details ...
5 months ago Bleepingcomputer.com CVE-2025-22457

Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
1 year ago Techtarget.com CVE-2023-46805 CVE-2024-21887

Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed - The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. A detailed technical analysis has been published regarding ...
4 months ago Cybersecuritynews.com CVE-2025-22457

New cybercrime crew Magnet Goblin caught exploiting Ivanti The Register - There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed ...
1 year ago Theregister.com Volt Typhoon Cactus

Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
1 year ago Techrepublic.com

Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
1 year ago Pandasecurity.com

Blind Eagle Hackers Leveraging Google Drive, Dropbox & GitHub To Bypass Security Defenses - After infection, Remcos can capture user credentials by logging keystrokes and stealing stored passwords, modify and delete files to sabotage systems or encrypt data for ransom, establish persistence through scheduled tasks and registry modifications ...
5 months ago Cybersecuritynews.com CVE-2024-43451 APT-C-36

Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware - Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. Google Threat Intelligence analysts identified that following successful ...
5 months ago Cybersecuritynews.com

Ivanti Connect Secure Vulnerability (CVE-2025-22457) Actively Exploited in the Wild - Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. The vulnerability was patched in Ivanti ...
5 months ago Cybersecuritynews.com CVE-2025-22457

IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com

New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities - Once inside, attackers deploy various malware families including RokRAT, which enables data exfiltration to legitimate cloud storage services, and PlugX, utilized by the TELEBOYi attack group for command and control operations. A sophisticated cyber ...
1 month ago Cybersecuritynews.com CVE-2025-22457

Hackers Abused GitHub to Spread Malware Mimic as VPN - This approach enables the malware to inject its payload into legitimate Windows processes such as MSBuild.exe and aspnet_regiis.exe, effectively hiding its malicious activities within trusted system processes while establishing persistence and ...
1 month ago Cybersecuritynews.com

Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
1 year ago Go.theregister.com CVE-2024-22024

Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com

Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com

New Chimera Malware That Outsmarts Antivirus, Firewalls, & Humans - This advanced malware first appeared in March 2025 when it infiltrated X Business, a small e-commerce company specializing in handmade home décor, through what appeared to be a routine software update to their inventory management system. This code ...
4 months ago Cybersecuritynews.com Chimera