Ivanti Connect Secure and Policy Secure are included in the Storm-1175 Medusa ransomware campaign’s active exploitation portfolio, with CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection) chained together as part of the group’s initial access playbook against critical infrastructure. These CVEs are well-documented and patches have been available; any unpatched Ivanti internet-facing instances represent an immediate ransomware risk. Organizations should verify patch status against Ivanti security advisories and prioritize these systems for the detection steps outlined in the Storm-1175 campaign item.