Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Home Cyber Attacks SonicWall VPN Zero-Day Vulnerability Suspected Amid Rising Ransomware Attacks
Akira Ransomware Business Security Cyber Attacks Cyber Vulnerabilities Cybersecurity Threats Public Wifi ransomware attacks Ransomwares

SonicWall VPN Zero-Day Vulnerability Suspected Amid Rising Ransomware Attacks

SonicWall VPN zeroday vulnerability suspected as ransomware attacks rise, with researchers warning of increased targeting of SonicWall SSL VPN device.
Saturday, August 09, 2025

 

Virtual Private Networks (VPNs) have recently been in the spotlight due to the U.K.’s Online Safety Act, which requires age verification for adult content websites. While many consumers know VPNs as tools for bypassing geo-restrictions or securing public Wi-Fi connections, enterprise-grade VPN appliances play a critical role in business security. 

When researchers issue warnings about possible VPN exploitation, the risk cannot be dismissed. SonicWall has addressed growing concerns after reports surfaced of ransomware groups targeting its devices. According to the company, an investigation revealed that the activity is linked to CVE-2024-40766, a previously disclosed vulnerability documented in their advisory SNWLID-2024-0015, rather than an entirely new zero-day flaw. Fewer than 40 confirmed cases were reported, mostly tied to legacy credentials from firewall migrations. 

Updated guidance includes credential changes and upgrading to SonicOS 7.3.0 with enhanced multi-factor authentication (MFA) protections. Despite these reassurances, Arctic Wolf Labs researcher Julian Tuin observed a noticeable increase in ransomware activity against SonicWall firewall devices in late July. 

Several incidents involved VPN access through SonicWall SSL VPNs. While some intrusions could be explained by brute force or credential stuffing, evidence suggests the possibility of a zero-day vulnerability, as some compromised devices had the latest patches and rotated credentials. 

In several cases, even with TOTP MFA enabled, accounts were breached. SonicWall confirmed it is working closely with threat research teams, including Arctic Wolf, Google Mandiant, and Huntress, to determine whether the incidents are tied to known flaws or a new vulnerability. If a zero-day is confirmed, updated firmware and mitigation steps will be released promptly. 

The urgency is amplified by the involvement of the Akira ransomware group, which has compromised over 300 organizations globally. SonicWall also recently warned of CVE-2025-40599, a serious remote code execution vulnerability in SMA 100 appliances. Experts advise organizations to take immediate precautionary steps, especially given the potential for severe operational disruption. 

Recommended mitigations include disabling SSL VPN services where possible, restricting VPN access to trusted IP addresses, enabling all security services such as botnet protection and geo-IP filtering, removing inactive accounts, enforcing strong password policies, and implementing MFA for all remote access. 

However, MFA alone may not be sufficient in the current threat scenario. The combination of suspected zero-day activity, ransomware escalation, and the targeting of critical remote access infrastructure means that proactive defense measures are essential. 

SonicWall and security researchers continue to monitor the situation closely, urging organizations to act quickly to protect their networks before attackers exploit potential vulnerabilities further.
Tags: Akira Ransomware Business Security Cyber Attacks Cyber Vulnerabilities Cybersecurity Threats Public Wifi ransomware attacks Ransomwares
Share it:

Akira Ransomware

Business Security

Cyber Attacks

Cyber Vulnerabilities

Cybersecurity Threats

Public Wifi

ransomware attacks

Ransomwares