https://techcrunch.com/2024/01/16/hackers-ivanti-vpn-mass-exploitation/

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely-used corporate VPN appliance.

That’s according to cybersecurity company Volexity, which first reported last week that China state-backed hackers are exploiting the two unpatched flaws in Ivanti Connect Secure — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information. At the time, Ivanti said it was aware of “less than 10 customers” affected by the “zero-day” flaws, described as such given that Ivanti had no time to fix the flaws before they were exploited.