US Cybersecurity and Infrastructure Security Agency issues directive to mitigate vulnerability in Pulse Connect Secure (PCS) VPN appliances. At least two state-backed threat groups exploited bug (tracked as CVE-2021-22893) to breach government and defense organizations in the US and across the globe. Attackers exploit this vulnerability in conjunction with older ones to gain persistent system access and take over enterprise networks with vulnerable PCS devices. Agencies told to check for compromise signs every 24 hours to look for evidence of compromise.
Source: https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/