PHASEJAM is a well-written and multifaceted bash shell script. It first installs a web shell that gives the remote hackers privileged control of devices. It then injects a function into the Connect Secure update mechanism that’s intended to simulate the upgrading process.

Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group.

VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are

Ivanti confirms zero-day exploitation of a remotely exploitable code execution vulnerability (CVE-2025-0282) in its Connect Security products.

Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances.

Ivanti has warned customers of a critical vulnerability impacting its VPN appliances that is being actively exploited in the wild to drop malware. In a security advisory, Ivanti said that it uncovered two vulnerabilities recently - CVE-2025-0282 and CVE-2025-0283,

Ivanti is a major provider of infrastructure management and cybersecurity software with more than 40,000 customers. According to the company, those customers include several U.S. government agencies.