UrsaClimb Logo

VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report | TechCrunch

TechCrunch
by Lorenzo Franceschi-Bicchierai
February 23, 2026
AI-Generated Deep Dive Summary
Chinese hackers exploited a secret backdoor in Ivanti's VPN product, compromising over 119 organizations, according to a report by Bloomberg. The breach occurred after the software giant acquired Pulse Secure, one of its subsidiaries, in 2017. Following the acquisition by private equity firm Clearlake Capital Group, rounds of layoffs and cost-cutting, particularly in 2022, weakened the company's security measures. This incident highlights how financial pressures from private equity investments can lead to critical vulnerabilities in tech products. The hackers gained access to Pulse Secure’s network in February 2021 by exploiting a backdoor they had planted in its VPN software. Mandiant, a cybersecurity firm, was reportedly aware of the breaches and alerted Ivanti about attacks on European and U.S. military contractors. The breach underscores how acquisitions and cost-cutting measures can compromise the quality and security of critical technologies. This incident follows earlier reporting on rival remote access provider Citrix, which faced similar issues after a 2022 deal with Elliott Investment Management and Vista Equity Partners. Both Ivanti and Citrix have been plagued by cybersecurity incidents in recent years, raising concerns about the overall security of VPN products and their impact on corporate and government networks. The exploitation of vulnerabilities in Ivanti’s VPN products has led to multiple major attacks, including one where U.S. cybersecurity agency CISA ordered federal agencies to disconnect their Ivanti VPN appliances in early 2024 due to active exploits. Additionally, Ivanti warned customers last year about another critical flaw in its Connect Secure product being exploited by hackers. This issue matters to readers interested in tech and cybersecurity because it reveals how financial pressures and management changes after private equity acquisitions can leave critical security technologies vulnerable. The breaches not only compromise sensitive data but also raise questions about the accountability of companies managing such
Verticals
techstartups
Originally published on TechCrunch on 2/23/2026