Brutkey

Kevin Beaumont
@GossiTheDog@cyberplace.social

ArticWolf say they have observed Akira ransomware incidents gaining access via fully patched SonicWall SSL VPN boxes with accounts with MFA enabled, speculate they have another zero day.

https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/

Nemo
@nemokamui@infosec.exchange

@GossiTheDog@cyberplace.social @cR0w@infosec.exchange yeah Huntress initially said SMA as well but retracted that. However, SonicWall is stating that the SMA is getting an accelerated EOS as of 12/31/2025 but their support matrix site still says 10/2027. Gonna have a lot of exploitable systems in 2026, it seems. Yayyyy