A zero-day vulnerability in Pulse Connect Secure VPN products has been exploited to target U.S. government agencies, other companies. The fix is a permanent fix for the bug, which is tracked as CVE-2021-22893. It is one of at least four vulnerabilities in the VPN products that have been exploited by various groups, including one with connections to China. Ivanti and the Cybersecurity and Infrastructure Security Agency are urging organizations that use Pulse Secure products to immediately apply the patch.”]
Source: https://www.cuinfosecurity.com/pulse-secure-vpn-zero-day-flaw-patched-a-16513