Researchers identified new malware, named DslogdRAT, that was deployed after attackers exploited a now-patched flaw in Ivanti Connect Secure (ICS).
JPCERT/CC researchers reported that new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024.
The vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0), is a stack-based buffer overflow that impacts Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.
DslogdRAT spawns two child processes: one stays idle in a loop, while the second handles core functions such as C2 communication and command execution, using the pthread library.