Since mid-July 2025, SonicWall firewalls have been targeted by attackers using the Akira ransomware, potentially exploiting a zero-day vulnerability. Despite multi-factor authentication being enabled, compromised accounts suggest the presence of an unknown exploit. Organizations are advised to disable the SonicWall SSL VPN service until more information is available. SonicWall’s SMA devices are also under scrutiny following a newly discovered vulnerability, although there is currently no evidence of its exploitation. Security experts continue to investigate, urging vigilance and recommending the restriction of VPN access to trusted IP addresses.
Are SonicWall firewalls being exploited through a zero-day vulnerability in ransomware attacks?
