Ivanti Sentry flaw under active exploit with root access
Attackers are exploiting a maximum-severity vulnerability in Ivanti Sentry gateways, gaining root-level code execution on Internet-facing systems.
A recently patched critical vulnerability in Ivanti Sentry is now being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed secure mobile gateways.
Ivanti Sentry functions as a gateway for secure mobile access to enterprise resources. The vulnerability affects Internet-exposed instances, creating a direct pathway for attackers to compromise gateway infrastructure with the highest level of system access. Root privileges grant complete control over affected devices, enabling data exfiltration, lateral movement, and persistent access.
The vulnerability carries a maximum severity rating. Ivanti released patches prior to active exploitation being observed, but organizations that have not yet applied updates remain exposed. The window between patch release and active exploitation continues to narrow across enterprise software vulnerabilities.
1. Organizations using Ivanti Sentry face immediate risk of root-level compromise on gateway infrastructure.
2. Unpatched instances provide attackers direct access to enterprise mobile gateway environments.
3. Security teams must prioritize emergency patching or network isolation for exposed Sentry deployments.
4. Incident response teams should audit Sentry logs for indicators of compromise dating to patch release.
Ransomware attack executed entirely by AI agent, researchers report
JadePuffer operation marks what may be the first documented case of a fully autonomous LLM-driven ransomware deployment from reconnaissance to encryption.
Agentic AI Executes Multi-Stage Ransomware Attack via Langflow
Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.
FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships
Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.