A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection.
Incident response and forensics firm Mandiant shared some details on a recent investigation of an incident that began April 8, one day after Heartbleed was publicly disclosed. Mandiant said the attackers exploited the security vulnerability in OpenSSL running in the client