Get Permission The Cybersecurity and Infrastructure Security Agency is investigating whether five government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior agency official. Earlier this month, researchers at the security firm FireEye published a report about attack groups attempting to exploit four Pulse Connect Secure vulnerabilities, including a zero-day flaw discovered in April that's now tracked as CVE-2021-22893. Ivanti, the parent company of Pulse Secure, has issued a mitigation fix for the zero-day vulnerability and has urged customers to apply it. Following the disclosure by FireEye and Ivanti, CISA issued an emergency directive requiring executive branch agencies to run tests using the Pulse Connect Secure Integrity Tool to check the integrity of file systems within their networks and report back the results to the agency on April 23.