SonicWall Confirms No New SSLVPN 0-Day – Ransomware Attack Linked to Old Vulnerability

Threat Score:

Cybersecurity News

5 hours ago

Part of cluster #1650

Overview

Cybersecurity firm SonicWall has officially addressed recent concerns a potential new zero-day vulnerability in its Secure Sockets Layer Virtual Private Network (SSLVPN) products. In a statement to Cybersecurity News, the company confirmed that recent ransomware attacks are not the result of a new flaw, but are instead linked to a previously identified and patched […]...

Continue Reading on Original Site

5 articles

CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE

OSS Security • 5 hours ago

oss-secmailing list archives CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Current thread: CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCEColm O hEigeartaigh (Aug 07)

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 7 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

Business Associate Data Breaches Affect Florida Healthcare Providers

Hipaajournal • 8 hours ago

PhyNet Dermatology, a business associate of Premier Dermatology Partners, has identified unauthorized access to an email account containing patient information. […]

Score

Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)

IT Pro Security • 8 hours ago

Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May

Score

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

BleepingComputer • 7 hours ago

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw Bill Toulas August 7, 2025 11:27 AM 0 SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. The company says that the attackers are targeting CVE-2024-40766, an unauthorized access flaw fixed in August 2024. "We now have high confidence that the recent SSLVPN activity is not connected to a zero-day vulnerability,

Score

ATTACK TYPES

Credential Dumping

Ransomware

VULNERABILITIES

Improper Access Control

Zero-Day

MITRE ATT&CK

T1040

T1059.007

T1069

T1071.001

T1078

RANSOMWARE

Akira

CVES

CVE-2024-40766

COMPANIES

Arctic Wolf

Huntress

SonicWall

PLATFORMS

SonicOS

ARTICLE INFORMATION

Article #9703

Published 5 hours ago

Cybersecurity News

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Business Associate Data Breaches Affect Florida Healthcare Providers

Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies