This shouldn't come as a surprise, but to many it did. Many a company and Government Agencies have been hacked by the IT staff not patching pulse secure solutions they are running.
Why should this not be a surprise? Cyber Security Departments have had replacing Pulse on the list of todo's for years, and even more haven't been keeping updated or fully patched.
Yet another one of the long lists of hacks because Patching systems and hardware are not seen as CRITICAL to IT Management.
The full blog from Pulse on the hack https://blog.pulsesecure.net/pulse-connect-secure-security-update/