MITRE Corporation disclosed a nation-state cyber attack exploiting two zero-day vulnerabilities in Ivanti Connect Secure appliances since January 2024. The breach compromised its NERVE research network, bypassing multi-factor authentication. Threat actors utilized CVE-2023-46805 and CVE-2024-21887 to infiltrate, escalate privileges, and establish persistence via backdoors and web shells. MITRE reassured no core systems were affected and contained the incident, conducting forensic analysis. The attack, attributed to nation-state cluster UTA0178, suggests China’s involvement. MITRE’s CEO emphasized the need for vigilance despite robust cybersecurity. The timely disclosure underscores MITRE’s commitment to public interest and advocating for enhanced cybersecurity practices.