SonicWall is investigating a potential new zero-day vulnerability linked to a rise in Akira ransomware incidents targeting Gen 7 SonicWall firewalls, particularly those with SSL VPN enabled. The surge in attacks began in late July 2025, prompting SonicWall's response. Organizations are advised to disable SSL VPN services, limit connectivity, activate protective services, enforce multi-factor authentication, and regularly update passwords. Recent findings detail attack chains that start with the breach of SonicWall appliances and lead to lateral movement, credential theft, and the disabling of protective software.
"Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled," the network security vendor said in a statement.
"We are actively investigating these incidents to determine whether they are connected to a previously disclosed vulnerability or if a new vulnerability may be responsible."
Huntress said it detected around 20 different attacks tied to the latest attack wave starting on July 25, 2025, with variations in tactics.
Attack chains commence with the breach of the SonicWall appliance, followed by the attackers taking a "well-worn" post-exploitation path to conduct enumeration, detection evasion, lateral movement, and credential theft.