Multiple threat actors are actively exploiting chained vulnerabilities in Ivanti Connect Secure VPN appliances. The vulnerabilities allow unauthenticated remote code execution and have been used to deploy web shells and backdoors.
CISA has issued an emergency directive requiring all federal agencies to disconnect affected products.