https://techcrunch.com/2024/01/31/ivanti-patches-two-zero-days-under-attack-but-finds-another/

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance.

Since early December, ​​Chinese state-backed hackers have been exploiting Ivanti Connect Secure’s flaws — tracked as CVE-2023-46805 and CVE-2024-21887 — to break into customer networks and steal information.