Security researchers have identified attackers exploiting two vulnerabilities in Ivanti Connect Secure (ICS) to install the Mirai botnet.

The vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, allow remote execution of arbitrary commands on affected gateways.

These security flaws comprise an authentication bypass and a command injection issue, enabling unauthorized access and control over unpatched systems.

Attackers are using encoded URLs to download and run malicious scripts, leading to the spread of Mirai bots and potentially other malware.

The exploitation of these vulnerabilities signifies a deepening concern for network security and the constant evolution of cyber threats, emphasizing the need for vigilant patch management and security countermeasures.