Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant’s threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure (ICS) – the VPN server appliance previously known as Pulse Connect Secure – and its Policy Secure gateways on Wednesday.

Source: The Register