Several cyberespionage groups have been breaking into networks of organizations from the U.S. and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure. The flaw allows attackers to bypass authentication on the Pulse Connect Secure (PCS) VPN solution and execute arbitrary code. The vulnerability is rated critical with a severity score of 10 on the CVSS scale. A patch for the issue will be included in version 9.1R.11.4 of the PCS server.”]