Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

UNC6148

SonicWall issues patch for actively exploited SMA 100 series privilege escalation bug

News, Risk, Vendors, Vulnerabilities

December 18, 2025

SonicWall released fixes for CVE-2025-40602, a local privilege escalation in SMA 100 series appliances that has been actively exploited; the flaw was reportedly used with CVE-2025-23006 to achieve unauthenticated root code execution, and users are urged to apply patches promptly.
Akira campaign bypasses OTP MFA on SonicWall VPNs, researchers say

Cybercrime, Research, Risk, Vendors, Vulnerabilities

September 29, 2025

Researchers report the Akira ransomware group has successfully logged into SonicWall SSL VPN accounts protected by OTP MFA, possibly using previously stolen OTP seeds. Vendors including SonicWall and Arctic Wolf advise installing updates and resetting VPN credentials while investigations continue.

About
Editorial Policy
Privacy
Contact