SonicWall Urges Admins to Disable SSLVPN Amid Rising Attacks
GLOBAL, AUG 5 – SonicWall warns customers to disable SSL VPN services after at least 20 ransomware attacks exploiting a likely zero-day vulnerability bypassed multifactor authentication, impacting fully patched devices.
- SonicWall on August 5, 2025, urged investigation into a potential zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled.
- Arctic Wolf Labs reported on Friday that it observed multiple Akira ransomware attacks since July 15th, and Huntress confirmed on Monday with indicators of compromise.
- Evidence shows Arctic Wolf Labs reported Akira ransomware targeting fully patched SonicWall SSLVPNs, suggesting a potential zero-day exploit.
- The advisory urged SonicWall to disable SSLVPN services when practical, restrict access to trusted IPs, enable Botnet Protection and Geo-IP Filtering, enforce MFA, and remove unused accounts.
- Regulatory bodies may scrutinize how vendors disclose and remediate potential zero-day vulnerabilities, as this incident underscores escalating risks for enterprise network security tools.
16 Articles
16 Articles
SonicWall firewalls hit by active mass exploitation of suspected zero-day
SonicWall warned customers to disable encryption services on Gen 7 firewalls in the wake of an active attack spree targeting a yet-to-be identified vulnerability affecting a critical firewall service. Attacks have increased notably since Friday, the company said in a blog post. Threat hunters and incident responders from Arctic Wolf, Google and Huntress have observed a wave of ransomware attacks beginning as early as July 15. Mounting evidence p…
SonicWall urges customers to disable SSLVPN amid reports of ransomware attacks
Security researchers say they have evidence that ransomware gangs are hacking into large companies that rely on fully-patched SonicWall firewalls. The researchers say it's likely the flaw is a "zero-day" bug currently unknown to SonicWall.
Akira in the Network: From SonicWall Access to Ransomware Deployment
SonicWall confirms active exploitation of an as-yet-unnamed 0-day on their Gen 7 firewalls’ SSL VPN, enabling attackers to bypass MFA, steal credentials, and deploy Akira ransomware within hours. Telemetry from Huntress shows dozens of intrusions against fully patched TZ and NSa-series appliances running firmware ≤ 7.2.0-7015. Organisations should disable SSL VPN or restrict it to trusted IPs, gather enhanced logs, and apply the detections below…
SonicWall Customers at Risk: Disable VPN Now, Experts Warn
Security Firms Warn of Likely Zero-Day Exploit Targeting SonicWall Firewalls Immediate Threat: VPN-Linked Intrusions Target SonicWall Devices SonicWall… The post SonicWall Customers at Risk: Disable VPN Now, Experts Warn appeared first on IMP.NEWS.
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium