Threat Research

A suspected China-linked group, UNC5221, is exploiting a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances (versions 22.7R2.5 and earlier). The flaw, initially thought to cause only denial-of-service, allows remote code execution. Active exploitation was detected in March 2025, with the attackers deploying new malware like TRAILBLAZE and the BRUSHFIRE passive backdoor....