CISA Issues Deadline for Federal Agencies to Address Pulse Secure Vulnerabilities lucadp/iStock.com email April 21, 2021 01:08 PM ET The vulnerabilities led to the compromise of government agencies early last summer and, together with a newly disclosed flaw, continue to be exploited. Federal agencies have until 5 p.m. Eastern Standard Time April 23 to implement an emergency directive the Cybersecurity and Infrastructure Security Agency issued on vulnerabilities affecting virtual private networking service Pulse Secure Connect, which have already compromised federal agencies. “The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products,” reads an alert accompanying the directive.