PPL A.I CyberSecurity Scoring
PPL
Company Information
Website:http://www.pulsesecure.com
Employees number:44
Number of followers:0
NAICS:541514
Industry Type:Computer and Network Security
Homepage:pulsesecure.com
PPL Risk Score (AI oriented)
Between 800 and 849
PPLComputer and Network Security
Updated:
12/05/2026
12/05/2026
803/1000
Good
A
PPL Global Score (TPRM)
xxxx
PPLComputer and Network Security
Score locked

PPLGood
Current Score
803A (GOOD)
01000
2 incidents
-4 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
804
JUNE 2026
804
MAY 2026
807
Vulnerability
11 May 2026 • PPL
Ivanti and Pulse Secure: 13WMAZ
Critical Zero-Day Exploit in Popular VPN Software Exposes Thousands of Organizations
803
CRITICAL-4
PULIVA1778545811
Critical Zero-Day Exploit in Popular VPN Software Exposes Thousands of Organizations
A newly discovered zero-day vulnerability in Pulse Secure VPN, a widely used enterprise virtual private network solution, has left thousands of organizations exposed to potential cyberattacks. The flaw, tracked as CVE-2024-21887, allows unauthenticated attackers to execute arbitrary code remotely on vulnerable systems, granting full control over affected servers.
Security researchers at ShadowServer Foundation first identified the exploit in late January 2024, warning that threat actors were actively scanning for unpatched Pulse Secure VPN appliances. The vulnerability affects versions 9.1R11.4 and earlier, with evidence suggesting exploitation attempts as early as December 2023. By mid-February, over 12,000 exposed instances were detected globally, with the highest concentrations in the U.S., Japan, and Germany.
The exploit leverages a command injection flaw in Pulse Secure’s web interface, enabling attackers to bypass authentication and deploy malware, exfiltrate data, or move laterally within compromised networks. While Ivanti (Pulse Secure’s parent company) released an emergency patch on February 5, 2024, many organizations remain unprotected due to delayed updates. Cybersecurity firm Mandiant reported that state-sponsored hacking groups, including those linked to China and Russia, have already weaponized the vulnerability in targeted espionage campaigns.
The incident underscores the risks of unpatched critical infrastructure, particularly in sectors like government, healthcare, and finance, where Pulse Secure VPN is heavily deployed. Organizations that fail to apply the patch risk data breaches, ransomware attacks, or persistent network compromise. As of the latest scans, nearly 30% of exposed systems remain unpatched, leaving them vulnerable to ongoing exploitation.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
807
MARCH 2026
806
FEBRUARY 2026
806
JANUARY 2026
806
DECEMBER 2025
805
NOVEMBER 2025
805
OCTOBER 2025
805
SEPTEMBER 2025
804
AUGUST 2025
804
MAY 2025
812
Cyber Attack
01 May 2025 • PPL
Sophos, Fortinet, Ivanti, Palo Alto Networks and Pulse Secure: Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials
Storm-2561 Credential Theft Campaign Exploits SEO to Target Enterprise VPN Users
803
CRITICAL-9
PALIVASOPPULFOR1773764643
Storm-2561 Credential Theft Campaign Exploits SEO to Target Enterprise VPN Users
Since May 2025, the financially motivated threat actor Storm-2561 has been conducting a credential theft campaign by manipulating search engine rankings to distribute fake VPN software. The operation targets employees searching for tools like Pulse Secure, Fortinet, and Ivanti, redirecting them to spoofed websites that deliver malicious download packages.
Victims who install the fake software unknowingly expose their VPN credentials, which are silently harvested and sent to attacker-controlled servers. The campaign leverages SEO poisoning to push fraudulent sites to the top of search results for queries such as “Pulse VPN download.” These sites mimic legitimate vendor portals, complete with logos and download buttons, while hosting malicious ZIP files on GitHub repositories since removed.
The trojans were digitally signed with a certificate issued to “Taiyuan Lihua Near Information Technology Co., Ltd.”, which has since been revoked. Microsoft Defender Experts identified the campaign in mid-January 2026, attributing it to Storm-2561 based on its history of malware distribution through SEO abuse and software impersonation.
After credential theft, the fake VPN client displays a convincing error message before redirecting the victim to the official vendor website, ensuring no visible signs of compromise. The attack delivers its payload via a Windows Installer (MSI) package disguised as a legitimate Pulse Secure installer, dropping malicious DLL files (dwmapi.dll and inspector.dll) that function as an in-memory loader and a variant of the Hyrax infostealer. The malware exfiltrates credentials to 194.76.226[.]93:8080 and maintains persistence via the Windows RunOnce registry key.
The campaign extends beyond Pulse Secure, with additional fake installers for GlobalProtect VPN and Sophos Connect discovered under the same certificate. Stolen credentials enable lateral movement within corporate networks, unauthorized data access, and follow-on attacks, posing a significant risk to enterprises relying on VPNs for remote operations. The attack’s sophistication combining realistic spoofing, legitimate-looking signatures, and post-compromise redirection makes detection particularly challenging.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PPL ??
What was PPL's A.I Rankiteo Cyber Score in June 2026 ??
What was PPL's A.I Rankiteo Cyber Score in May 2026 ??
What was PPL's A.I Rankiteo Cyber Score in April 2026 ??
What was PPL's A.I Rankiteo Cyber Score in March 2026 ??
What was PPL's A.I Rankiteo Cyber Score in February 2026 ??
What was PPL's A.I Rankiteo Cyber Score in January 2026 ??
What was PPL's A.I Rankiteo Cyber Score in December 2025 ??
What was PPL's A.I Rankiteo Cyber Score in November 2025 ??
What was PPL's A.I Rankiteo Cyber Score in October 2025 ??
What was PPL's A.I Rankiteo Cyber Score in September 2025 ??
What was PPL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PPL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PPL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PPL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?