https://arstechnica.com/security/2024/01/actively-exploited-0-days-in-ivanti-vpn-are-letting-hackers-backdoor-networks/

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday.