![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCp6bv4zkK7TBndxQro0WJo4EUmgBaOhWcS_o6wG4Z1DRTNTVzWQuIVngOhwkjq0931XKL27PS1cxuP4l2kJrgtXlaV14w9RdE3Ba0KjaY1fseR6UDS-hR4aXxZ8UNobo3t_MWxLOUdzzH4rJwIcV3PkSxjEUXvhuvYMT4qUDyMo1CBILjgNZphx1bKJbh/s1600/chinese-hackers.jpg)
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that’s used to drop the open-source Sliver adversary simulation tool.
The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Source:: The Hackers News