CyberNews: 12/10/2025 Edition

Published by Dunateo on 2025-10-12

Today’s roundup

  • Attackers exploit valid logins in SonicWall SSL VPN compromise
    Summary

    Cybersecurity firm Huntress has reported a widespread compromise of SonicWall SSL VPNs, observed as of October 10, 2025. Threat actors are rapidly authenticating into over 100 customer accounts across 16 environments using valid credentials, with logins originating from IP 202.155.8[.]73. This active exploitation occurs shortly after SonicWall confirmed on October 8 that preference files for all firewalls using its MySonicWall cloud backup service were accessed by attackers, exposing encrypted credentials and configurations.

    Separately, the Akira ransomware group is actively exploiting CVE-2024-40766 in SonicWall SSL VPN devices to deploy ransomware. Darktrace detected suspicious activity in a U.S. network in August 2025, including scanning, lateral movement, and data exfiltration, directly linking a compromised SonicWall VPN server to the broader Akira campaign exploiting known vulnerabilities.
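The login pattern Huntress describes, one source IP authenticating successfully to many distinct accounts in a short time, can be hunted for in VPN authentication logs. The Python sketch below is an added example, not code from Huntress, SonicWall or this newsletter; the log layout, the 5-minute window and the 4-account threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, account, source IP, result); layout is assumed.
SAMPLE_LOG = """\
2025-10-10T09:00:05Z,acct01,202.155.8.73,success
2025-10-10T09:00:19Z,acct02,202.155.8.73,success
2025-10-10T09:00:41Z,acct03,202.155.8.73,success
2025-10-10T09:01:02Z,acct04,202.155.8.73,success
2025-10-10T09:01:30Z,acct05,202.155.8.73,success
2025-10-10T09:02:00Z,jdoe,198.51.100.20,failure
2025-10-10T09:02:10Z,jdoe,198.51.100.20,success
2025-10-10T09:03:00Z,asmith,203.0.113.9,success
2025-10-10T09:30:00Z,jdoe,198.51.100.20,success
"""

# Source IP reported in the summary, kept defanged here and refanged for matching.
WATCHLIST = {"202.155.8[.]73".replace("[.]", ".")}

def parse(text):
    """Turn the CSV-style sample into (time, account, ip, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, result = (f.strip() for f in line.split(","))
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events

def find_bursts(events, window=timedelta(minutes=5), min_accounts=4):
    """Map each source IP to the most distinct accounts it logged into
    successfully within one window, keeping only IPs at or above the threshold."""
    recent, flagged = defaultdict(deque), {}
    for ts, user, ip, result in sorted(events):
        if result != "success":
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop logins older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def watchlist_hits(events):
    """Accounts with a successful login from a watchlisted IP."""
    return sorted({u for _, u, ip, r in events if ip in WATCHLIST and r == "success"})

if __name__ == "__main__":
    print(find_bursts(parse(SAMPLE_LOG)), watchlist_hits(parse(SAMPLE_LOG)))
```

Because these logins use valid credentials, failed-login alerting alone will not surface them; the distinct-account count per source IP is the signal.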

    Want to dig deeper?

    Vulnerabilities

    CVE-2024-40766 Critical