Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report on a new malware variant called RESURGE, which has sophisticated persistence and manipulation capabilities, particularly linked to a known vulnerability in Ivanti products. The report highlights detailed mitigation measures in response to RESURGE's exploitation of the CVE-2025-0282 vulnerability. Organizations are advised to perform factory resets, reset credentials, and review access policies to enhance security.
Affected: Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Key points:
- RESURGE malware can create web shells, manipulate integrity checks, and modify files.
- It is strongly associated with the exploitation of CVE-2025-0282, a stack-based buffer overflow vulnerability.
- Recommended actions include factory resets, credential resets, and continuous monitoring for unauthorized access.
Source: https://securityonline.info/cisa-warns-of-resurge-malware-exploiting-ivanti-vulnerability/