Continued Exploitation of Pulse Secure VPN Vulnerability

CISA warns that unpatched Pulse Secure VPN servers remain widely exploitable via CVE-2019-11510, an unauthenticated arbitrary file-read vulnerability that can expose active user credentials and enable remote compromise; the advisory documents timelines of discovery and abuse (including REvil ransomware deployments and thousands of vulnerable servers), lists affected product versions, and strongly urges application of vendor patches as the primary mitigation.