SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products. SonicWall launched the investigation after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]
SonicWall probes possible new zero-day after spike in Akira ransomware attacks on Gen 7 firewalls with SSLVPN enabled. SonicWall is investigating a potential new zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled. The company is working to determine if the incidents stem from an existing flaw or a […]
Akira ransomware targets fully patched SonicWall VPNs in suspected zero-day attacks, with multiple intrusions seen in late July 2025. Arctic Wolf Labs researchers reported that Akira ransomware is exploiting SonicWall SSL VPNs in a likely zero-day attack, targeting even fully patched devices. Arctic Wolf Labs observed multiple intrusions via VPN access in late July 2025. […]
SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances. Experts warn customers to check their installs for Indicators of Compromise (IoCs) associated with Overstep malware attacks. The issue is an authenticated arbitrary […]
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit […]
Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. […]
SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances. SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221Â and CVE-2024-38475, in its SMA100 Secure Mobile Access appliances. Below are the descriptions of the two flaws: “During further analysis, SonicWall and trusted security partners identified an […]
Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added a SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) vulnerability, tracked as CVE-2025-23006Â to its Known Exploited Vulnerabilities (KEV) catalog. This week, SonicWall warned customers of a critical […]
SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a Pre-authentication deserialization of untrusted data issue in the […]