SonicWall has issued a warning urging customers to disable SSLVPN services due to a potential zero-day vulnerability being exploited by ransomware gangs, particularly in Akira ransomware attacks. Security experts recommend immediate action to limit access and implement protective measures while SonicWall investigates the incident. #SonicWallGen7 #AkiraRansomware
Keypoints
- SonicWall advises disabling SSLVPN services to prevent exploitation of a suspected zero-day vulnerability.
- Arctic Wolf Labs observed multiple attacks using the vulnerability since July 15th, possibly involving Akira ransomware.
- Threat actors may be bypassing MFA and deploying ransomware shortly after initial access.
- SonicWall recommends enabling security features like Botnet Protection and Geo-IP Filtering to mitigate threats.
- The company has also urged caution regarding a separate vulnerability in SMA 100 appliances (CVE-2025-40599).