At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in Pulse Secure VPN devices. A newly discovered zero-day authentication bypass vulnerability (CVE-2021-22893) is currently being exploited in the wild and for which there is no patch available yet. A fix for the issue is expected to be in place by early May, while a fix is available for the flaw.
Source: https://thehackernews.com/2021/04/warning-hackers-exploit-unpatched-pulse.html