CVE-2024-40766

Akira campaign bypasses OTP MFA on SonicWall VPNs, researchers say

Cybercrime, Research, Risk, Vendors, Vulnerabilities

September 29, 2025

Researchers report the Akira ransomware group has successfully logged into SonicWall SSL VPN accounts protected by OTP MFA, possibly using previously stolen OTP seeds. Vendors including SonicWall and Arctic Wolf advise installing updates and resetting VPN credentials while investigations continue.
SonicWall Addresses Surge in SSL VPN Activity Linked to Patched Vulnerability

Cybercrime, Cybersecurity, Vulnerabilities

August 7, 2025

SonicWall has confirmed that recent SSL VPN activity is linked to an older, patched vulnerability and password reuse, urging users to update firmware and reset passwords to enhance security against ongoing attacks.