Cybersecurity firm Huntress warns of widespread SonicWall SSL VPN compromises, with attackers using valid credentials to quickly access multiple accounts. The incident coincides with SonicWall's disclosure of a breach exposing firewall configuration backups, raising concerns about potential exploitation. #SonicWall #SSLVPN #Cyberattack #FirewallBreach
Key points
- Huntress reports rapid, large-scale compromises of SonicWall SSL VPN devices using valid credentials.
- The attacks started around October 4, 2025, affecting over 100 accounts across 16 customer organizations.
- SonicWall confirmed a breach exposing firewall configuration backup files stored in MySonicWall accounts.
- Threat actors are conducting reconnaissance and network scanning, and attempting to access Windows accounts.
- A recent ransomware campaign, Akira, exploited known vulnerabilities like CVE-2024-40766 to target SonicWall devices.
Read More: https://thehackernews.com/2025/10/experts-warn-of-widespread-sonicwall.html