DslogdRAT Malware Installed in Ivanti Connect Secure
Essential information
- Published: 28/04/2025 16:27
- Modified: 28/04/2025 19:20
- Tags: 2025-04-28, CVE-2025-0282, CVE-2025-22457, c2 communication, dslogdrat, ivanti connect secure, spawnchimera, spawnsnare, web shell, zero-day
- Related entities: 1 intrusion set (APT), 1 technique (MITRE), 1 malware, 1 other
Description
The article discusses DslogdRAT, a malware installed on Ivanti Connect Secure appliances through exploitation of CVE-2025-0282. Initial access was obtained via a web shell, after which DslogdRAT was deployed; the malware restricts its communication with its C2 server to business hours so that its traffic blends in with normal activity and is less likely to be detected. It supports commands for file operations, shell command execution, and proxy functionality. The article details the malware's execution flow, its configuration data, and its C2 communication method. The SPAWNSNARE malware was also found on the same compromised systems. The activity is potentially linked to the UNC5221 threat group, and organizations running Ivanti Connect Secure are advised to keep monitoring for ongoing exploitation of its vulnerabilities.