Nominet says it was hit by cyberattack following recent Ivanti VPN security issue

(Image credit: vpn)

Nominet warns customers about a recent cyberattack
The company says the attackers abused an Ivanti zero-day
So far, there is no evidence of data tampering or backdoor dropping

Top domain registrar company Nominet has warned its customers of a cyberattack it suffered due to a zero-day vulnerability in Ivanti VPN products.

Citing a letter being sent to affected individuals, The Register claims the company suggests the criminals may have made their way in using the recently-highlighted Ivanti security flaws.

“The entry point was through third-party VPN software supplied by Ivanti that enables our people to access systems remotely." the letter apparently reads. "The unauthorized intrusion into our network exploited a zero-day vulnerability."

Abusing a zero-day

Nominet says it has not yet found any evidence of data leaks, or theft, and says that the attackers did not plant any backdoors or other malware onto its systems.

"Aided by external experts, our investigation continues, and we have put additional safeguards in place, including restricted access to our systems from VPN," it said.

The company confirmed its systems are operating normally and that the attack did not cause any significant disruption.

While it was not specifically mentioned, The Register speculates the attackers could have abused CVE-2025-0282, a zero-day recently found in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Ivanti had recently warned customers of a critical vulnerability impacting its VPN appliances being actively exploited in the wild to drop malware. In a security advisory, the company said it uncovered two vulnerabilities recently - CVE-2025-0282 and CVE-2025-0283, both of which are impacting Ivanti Connect Secure VPN appliances.

The former was given a severity score of 9.0 (critical), and is described as an unauthenticated stack-based buffer overflow. “Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network,” it was said.

The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools.

Via The Register

US Treasury declares ‘major incident’ after apparent state-sponsored Chinese hack
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.