Bleeping Computer

Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt ...
Bleeping Computer

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure ...
Threat Post

Pulse Secure VPNs Get Quick Fix for Critical RCE

One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again. Pulse Secure has issued a workaround for ...
CSOonline

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and ...
Dark Reading

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

Nation-state attackers are exploiting high-severity vulnerabilities in the Pulse Secure VPN to breach networks within the US defense sector and organizations around the world, researchers report. IT ...
CRN

Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds

Hackers entered the unidentified victim’s network through a Pulse Secure VPN appliance, moved laterally to the victim’s SolarWinds Orion sever, installed Supernova malware, and stole credentials, ...
Wired

VPN Hacks Are a Slow-Motion Disaster

This year has seen no shortage of blockbuster hacks, from the SolarWinds supply chain meltdown to China’s blitz against Microsoft Exchange servers. It’s a lot. But the outsized focus on those hacking ...