SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

Threat Score:

BleepingComputer

4 hours ago

Part of cluster #1650

Overview

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw Bill Toulas August 7, 2025 11:27 AM 0 SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. The company says that the attackers are targeting CVE-2024-40766, an unauthorized access flaw fixed in August 2024. "We now have high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability,...

Continue Reading on Original Site

5 articles

CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE

OSS Security • 2 hours ago

oss-secmailing list archives CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Current thread: CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCEColm O hEigeartaigh (Aug 07)

Score

SonicWall Confirms No New SSLVPN 0-Day – Ransomware Attack Linked to Old Vulnerability

Cybersecurity News • 3 hours ago

Cybersecurity firm SonicWall has officially addressed recent concerns a potential new zero-day vulnerability in its Secure Sockets Layer Virtual Private Network (SSLVPN) products. In a statement to Cybersecurity News, the company confirmed that recent ransomware attacks are not the result of a new flaw, but are instead linked to a previously identified and patched […]

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 5 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

Business Associate Data Breaches Affect Florida Healthcare Providers

Hipaajournal • 6 hours ago

PhyNet Dermatology, a business associate of Premier Dermatology Partners, has identified unauthorized access to an email account containing patient information. […]

Score

Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)

IT Pro Security • 6 hours ago

Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May

Score

CVES

CVE-2024-40766

ATTACK TYPES

Credential Dumping

Credential Reuse

Credential Stuffing

Phishing

Ransomware

VULNERABILITIES

Access Control

Authentication Bypass

Improper Access Control

Zero-Day

COMPANIES

Arctic Wolf

Huntress

Microsoft

SonicWall

SECURITY VENDORS

Arctic Wolf

SonicWall

APT GROUPS

Storm-1567

RANSOMWARE

Akira

Defender

First

Protected

MITRE ATT&CK

T1003

T1040

T1059.007

T1069

T1071.001

PLATFORMS

Gen 7 Firewalls

SonicOS

SonicWall Gen 7 Firewall

INDUSTRIES

Cybersecurity

Information Technology

ARTICLE INFORMATION

Article #9654

Published 4 hours ago

BleepingComputer

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE

SonicWall Confirms No New SSLVPN 0-Day – Ransomware Attack Linked to Old Vulnerability

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Business Associate Data Breaches Affect Florida Healthcare Providers

Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies