The VPN is dead. Here's what killed it.

This report outlines a surge of active exploitation against legacy VPN and remote-access appliances between 2024–2026 — citing critical vulnerabilities in Ivanti, SonicWall, and Check Point that nation-state actors and ransomware affiliates have used for espionage, persistent malware, and rapid ransomware deployment (one wave impacted an estimated 70+ organizations); it warns that VPN architecture is an exposed, blind trust boundary and recommends replacing VPNs with identity-aware, content-inspecting zero-trust solutions.