SonicWall

Akira ransomware: From SonicWall VPN login to encryption in under four hours

Akira ransomware: From SonicWall VPN login to encryption in under four hours 2025-09-29 at 18:47 By Zeljka Zorz Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned. Armed with SonicWall SSL VPN credentials stolen in earlier […]

React to this headline:

Loading spinner

Akira ransomware: From SonicWall VPN login to encryption in under four hours Read More »

Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues

Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues 2025-09-29 at 13:12 By Ionut Arghire In one attack, the hackers leveraged the Datto RMM utility on a domain controller and various other legitimate tools to evade detection. The post Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues Read More »

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware 2025-09-24 at 12:17 By Ionut Arghire The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign. The post SonicWall Updates SMA 100 Appliances to Remove Overstep Malware appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware Read More »

SonicWall adds rootkit removal capabilities to the SMA 100 series

SonicWall adds rootkit removal capabilities to the SMA 100 series 2025-09-23 at 16:24 By Zeljka Zorz SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. The malware in question is the OVERSTEP user-mode rootkit, deployed by threat group UNC6148. The

React to this headline:

Loading spinner

SonicWall adds rootkit removal capabilities to the SMA 100 series Read More »

SonicWall says attackers compromised some firewall configuration backup files

SonicWall says attackers compromised some firewall configuration backup files 2025-09-18 at 18:49 By Zeljka Zorz Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall and its customers have had a tough year. And, unfortunately for them, the troubles are not over: unknown attackers have managed to brute-force

React to this headline:

Loading spinner

SonicWall says attackers compromised some firewall configuration backup files Read More »

SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations

SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations 2025-09-18 at 13:33 By Ionut Arghire The company sent a new preferences file to less than 5% of customers, urging them to import it into firewalls and reset their passwords. The post SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations appeared first on SecurityWeek. This

React to this headline:

Loading spinner

SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations Read More »

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents 2025-09-16 at 15:46 By Zeljka Zorz All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a

React to this headline:

Loading spinner

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents Read More »

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls 2025-09-11 at 18:25 By Zeljka Zorz Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira

React to this headline:

Loading spinner

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Read More »

Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw

Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw 2025-09-11 at 15:54 By Ionut Arghire The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances. The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw Read More »

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability 2025-08-07 at 20:23 By Eduard Kovacs SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability.  The post SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability Read More »

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls 2025-08-07 at 14:34 By Zeljka Zorz Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which

React to this headline:

Loading spinner

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls Read More »

SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation

SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation 2025-08-05 at 10:58 By Ionut Arghire Threat actors might be exploiting a zero-day vulnerability in SonicWall firewalls in a fresh wave of ransomware attacks. The post SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation Read More »

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day 2025-08-04 at 14:34 By Zeljka Zorz Attackers wielding the Akira ransomware and possibly a zero-day exploit have been spotted targeting SonicWall firewalls since July 15, 2025. “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through

React to this headline:

Loading spinner

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day Read More »

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599) 2025-07-24 at 13:19 By Zeljka Zorz Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. “While there is currently no evidence that this vulnerability is being

React to this headline:

Loading spinner

Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599) Read More »

SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack

SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack 2025-07-24 at 13:18 By Ionut Arghire SonicWall advises organizations to patch SMA 100 appliances and look for IoCs associated with Overstep malware attacks. The post SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

React to this headline:

Loading spinner

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware 2025-07-16 at 17:02 By Eduard Kovacs A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit. The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware Read More »

SonicWall Warns of Trojanized NetExtender Stealing User Information

SonicWall Warns of Trojanized NetExtender Stealing User Information 2025-06-25 at 14:33 By Ionut Arghire SonicWall says a modified version of the legitimate NetExtender application contains information-stealing code. The post SonicWall Warns of Trojanized NetExtender Stealing User Information appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

SonicWall Warns of Trojanized NetExtender Stealing User Information Read More »

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

Trojanized SonicWall NetExtender app exfiltrates VPN credentials 2025-06-24 at 15:00 By Zeljka Zorz Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

React to this headline:

Loading spinner

Trojanized SonicWall NetExtender app exfiltrates VPN credentials Read More »

Possible Zero-Day Patched in SonicWall SMA Appliances

Possible Zero-Day Patched in SonicWall SMA Appliances 2025-05-08 at 16:11 By Ionut Arghire SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely. The post Possible Zero-Day Patched in SonicWall SMA Appliances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Possible Zero-Day Patched in SonicWall SMA Appliances Read More »

Scroll to Top