MySonicWall
-
Hackers bypass SonicWall VPN MFA after incomplete patching
Threat actors bypassed MFA on SonicWall Gen6 SSL-VPN appliances in attacks between February and March, exploiting a flaw that stayed open on devices that were updated but not fully remediated, according to a ReliaQuest analysis.
-
SonicWall issues patch for actively exploited SMA 100 series privilege escalation bug
SonicWall released fixes for CVE-2025-40602, a local privilege escalation in SMA 100 series appliances that has been actively exploited; the flaw was reportedly used with CVE-2025-23006 to achieve unauthenticated root code execution, and users are urged to apply patches promptly.
-
SonicWall says unauthorized party accessed cloud firewall backup files
SonicWall said an unauthorized party accessed firewall configuration backup files stored in its cloud for all customers who used the cloud backup service; the files contain encrypted credentials and the company is urging users to check accounts and follow containment and remediation guidance.
