A critical zero-day security hole in Pulse Secure VPN devices has been exploited by nation-state actors. The flaw, tracked as CVE-2021-22893, allows remote code-execution (RCE) and is being used in the wild to gain administrator-level access to the appliances. Pulse Secure said that the vulnerability will be patched in early May; in the meantime, the company worked with Ivanti (its parent company) to release mitigations and the Pulse Connect Secure Integrity Tool.
Source: https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/