In 2021, we saw a number of virtual private network (VPN) security vulnerabilities used in attacks against organizations. In April alone, we observed that the CVE-2018-13379 vulnerability in Fortinet’s FortiGate VPN solution was used to launch several ransomware attacks, and a CVE-2021-22893 vulnerability in the Pulse Connect Secure VPN solution was used to bypass authentication and gain access to a number of defense, government, and financial organizations’ networks around the world.  \r\n Malicious actors using VPNs is nothing new \r\n Exploiting VPN security weaknesses is not a new phenomenon; malicious actors have been using VPNs to gain unauthorized network access for many years. That has led to many companies replacing their VPN solutions with Zero Trust Network Access (ZTNA) solutions.  \r\n With a ZTNA approach, users are no longer given access to the entire network, but only to the specific applications that they require to perform their jobs.…