posts
In early 2024, threat actors exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances so aggressively that CISA issued an emergency directive ordering federal agencies to disconnect the devices entirely. Not patch them. Disconnect them. That moment should have been a wake-up call: having a VPN isn't enough.
In May 2024, Check Point disclosed that threat actors were actively exploiting a zero-day vulnerability in its VPN products — CVE-2024-24919 — to harvest Active Directory credentials and move laterally through enterprise networks. Attackers didn't need a sophisticated exploit chain. They needed one VPN gateway running a default configuration with
In May 2023, Barracuda Networks disclosed that a zero-day vulnerability in its VPN appliances had been actively exploited since October 2022 — giving threat actors seven months of undetected access to customer networks. CISA issued an emergency directive. The patch wasn't enough; Barracuda told customers to physically replace compromised
