Despite years passing since SonicWall patched CVE-2024-40766, attackers continue exploiting it, primarily via Akira group affiliates. Vulnerabilities in firewall configurations and outdated software have facilitated ongoing ransomware campaigns targeting organizations worldwide. #CVE-2024-40766 #AkiraGroup
Keypoints
- Attackers are still exploiting the unpatched CVE-2024-40766 in SonicWall firewalls.
- The surge in attacks correlates with organizations migrating to newer firewall models without resetting passwords.
- Multiple security risks, including misconfigurations, are being leveraged by the Akira ransomware affiliates.
- Recommendations include rotating passwords, enabling MFA, and applying the latest SonicWall patches and updates.
- The Australian Cyber Security Centre has issued warnings about increased Akira activity targeting vulnerable Australian organizations.
Read More: https://www.helpnetsecurity.com/2025/09/11/akira-ransomware-sonicwall-firewalls/