
RESURGE Malware: CISA Warns It May Be Dormant on Your Ivanti Devices Right Now (CVE-2025-0282)
CISA just updated its malware analysis report on RESURGE — and the finding is alarming: this implant can remain dormant and undetected on Ivanti Connect Secure devices, silently waiting for its operators to reconnect. If your organization runs Ivanti Connect Secure, Policy Secure, or ZTA Gateways, this is a must-read.

What Is RESURGE?

RESURGE is a sophisticated Linux implant that combines the capabilities of a rootkit, backdoor, bootkit, dropper, proxy, and tunneler — all in a single shared library (libdsupgrade.so). It was discovered on a critical infrastructure entity's Ivanti Connect Secure device after exploitation of CVE-2025-0282, a stack-based buffer overflow enabling remote code execution.

RESURGE is the evolution of the SPAWNCHIMERA malware family, which itself consolidated four earlier tools: SPAWNANT, SPAWNMOLE, SPAWNSNAIL, and SPAWNSLOTH. RESURGE adds three entirely new command sets that its predecessors lacked.

Attribution: UNC5337 (China-nexus espionage) and Silk Typho




