The Cybersecurity and Infrastructure Security Agency on Tuesday confirmed that a number of federal agencies were compromised by a threat actor last year through vulnerabilities found in virtual private networking software made by Pulse Connect Secure. CISA "is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related vulnerabilities in certain Ivanti Pulse Connect Secure products," according to an April 20 advisory. "Since March 31, 2021, CISA assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor," the advisory continues.