Ivanti Connect Secure and Policy Secure are confirmed targets in the Storm-1175 Medusa ransomware campaign, exploited via authentication bypass (CVE-2023-46805, CWE-287) and command injection (CVE-2024-21887, CWE-78) weaknesses. Both CVEs are part of a zero-day exploitation cluster where attacks began more than seven days before patches were available and ransomware deployment follows within 24 hours of initial access. Organizations should immediately isolate any unpatched Ivanti instances behind MFA-enforced gateways, apply available patches, and rotate all credentials and certificates associated with affected systems.