According to the NJCCIC, the National Security Agency (NSA) and the UK's National Cyber Security Centre (NCSC) issued advisories in October highlighting the exploitation of VPN vulnerabilities by advanced persistent threat (APT) actors. Researchers at Immersive Labs recently discovered and disclosed a vulnerability within Aviatrix VPN, a cloud-native networking software provider which provides VPN services to various enterprises such as NASA, Shell and multiple telecommunication companies. The vulnerability could allow a threat actor to achieve privilege escalation on a compromised machine and gain access to system files and network services, says the report. A patch was released shortly after the disclosure.