b2b-daily
Home | IT | Cyber Security

Nominet Hit by Zero-Day Vulnerability in Ivanti VPN Products, Patches Released

Avatar photo
by Craig Anderson
January 17, 2025
Nominet Hit by Zero-Day Vulnerability in Ivanti VPN Products, Patches Released

In a significant security breach, Nominet, the UK’s top-level domain registry responsible for managing over 11 million domains including .uk, .wales, and .cymru, recently experienced a zero-day vulnerability in Ivanti VPN products. The incident, which came to light in late December, triggered concern among the cybersecurity community due to its potential for widespread impact. The zero-day attack was traced to a buffer overflow vulnerability in Ivanti Connect Secure, a critical flaw that scored a high 9.0 on the CVSS scale. This particular vulnerability leaves the system susceptible to unauthenticated remote code execution, posing a substantial risk to sensitive internet infrastructure. Additionally, this flaw affected versions of Ivanti Connect Secure before 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3.

Quick Patching and Response

On January 8th, Ivanti quickly rolled out a patch for Connect Secure and pledged to fix other affected products by January 21. Nominet responded immediately, applying the patches and notifying the authorities about the breach. Additionally, Nominet enhanced its security measures by tightening VPN access controls to prevent future exploits. During the incident, Nominet collaborated with external experts to investigate the breach, aiming to minimize any damage swiftly. Initial findings showed no data loss or presence of backdoors, and crucial domain registration and management systems remained operational, ensuring uninterrupted services.

This incident underscores the vital importance of rapid detection and response to zero-day vulnerabilities. It reminds us that even well-secured organizations can be targeted and must be equipped to respond promptly to reduce potential damage. As the investigation delved into the specifics of the intrusion, the focus was on understanding the breach’s depth and preventing future occurrences. The swift responses from Ivanti and Nominet highlighted the need for vigilant and adaptive security measures in today’s constantly changing cybersecurity environment.

Information Security

Explore more

Are Retailers Ready for the AI Payments They’re Building?
December 17, 2025

The relentless pursuit of a fully autonomous retail experience has spurred massive investment in advanced payment technologies, yet this innovation is dangerously outpacing the foundational readiness of the very businesses driving it. This analysis explores the growing disconnect between retailers’ aggressive adoption of sophisticated systems, like agentic AI, and their lagging operational, legal, and regulatory preparedness. It addresses the central

Software Can Scale Your Support Team Without New Hires
December 17, 2025

The sudden and often unpredictable surge in customer inquiries following a product launch or marketing campaign presents a critical challenge for businesses aiming to maintain high standards of service. This operational strain, a primary driver of slow response times and mounting ticket backlogs, can significantly erode customer satisfaction and damage brand loyalty over the long term. For many organizations, the

What’s Fueling Microsoft’s US Data Center Expansion?
December 17, 2025

Today, we sit down with Dominic Jainy, a distinguished IT professional whose expertise spans the cutting edge of artificial intelligence, machine learning, and blockchain. With Microsoft undertaking one of its most ambitious cloud infrastructure expansions in the United States, we delve into the strategy behind the new data center regions, the drivers for this growth, and what it signals for

What Derailed Oppidan’s Minnesota Data Center Plan?
December 17, 2025

The development of new data centers often represents a significant economic opportunity for local communities, but the path from a preliminary proposal to a fully operational facility is frequently fraught with complex logistical and regulatory challenges. In a move that highlights these potential obstacles, US real estate developer Oppidan Investment Company has formally retracted its early-stage plans to establish a

Cloud Container Security – Review
December 17, 2025

The fundamental shift in how modern applications are developed, deployed, and managed can be traced directly to the widespread adoption of cloud container technology, an innovation that promises unprecedented agility and efficiency. Cloud Container technology represents a significant advancement in software development and IT operations. This review will explore the evolution of containers, their key security features, common vulnerabilities, and