China’s Volt Typhoon Exploits Zero-Day Flaw in Versa’s SD-WAN Director Servers
Lumen researchers identified the bug and reported it to Versa in June, with active exploitation by Volt Typhoon observed since at least June. The attackers use a Web shell called VersaMem to capture credentials and monitor system activity.