SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop<\/title> <meta name=\"description\" content=\"The network security device vendor is making a regular appearance on CISA\u2019s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn\u2019t signed the secure-by-design pledge.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"SonicWall customers confront resurgence of actively exploited vulnerabilities\"> <meta property=\"og:description\" content=\"The network security device vendor is making a regular appearance on CISA\u2019s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn\u2019t signed the secure-by-design pledge.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-09T21:33:32+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-09T21:33:35+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1746476661g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84467\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84467\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-exploited-vulnerabilities-surge%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-exploited-vulnerabilities-surge%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84467 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.983050847458\">\n<div class=\"single-article__header-content\" readability=\"35.412017167382\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The network security device vendor is making a regular appearance on CISA\u2019s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn\u2019t signed the secure-by-design pledge. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84467\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"SonicWall headquarters\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg 4978w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> SonicWall’s headquarters in Milpitas, California. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"94.657868906097\"><body readability=\"193.3632218845\"><\/p>\n<p>Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor\u2019s customers at risk of intrusion via secure access gateways and firewalls.<\/p>\n<p>The year started off on a sour note for the California-based company when it released <a href=\"https:\/\/psirt.global.sonicwall.com\/vuln-list\">security advisories<\/a> for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by the company so far in 2025 has grown to 20. <\/p>\n<p>SonicWall vulnerabilities are also making a consistent appearance on the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">known exploited vulnerabilities (KEV) catalog<\/a>. Cyber authorities confirm that attackers exploited four vulnerabilities in SonicWall products so far this year, and 14 total since late 2021.<\/p>\n<p>Eight of those vulnerabilities have been exploited in ransomware campaigns, according to CISA.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>SonicWall customers enjoyed a relative lull, with no new vulnerabilities exploited in the wild between March 2022 and September 2024, but malicious activity targeting the vendor\u2019s equipment and software resurged earlier this year.<\/p>\n<p>The four actively exploited vulnerabilities added to CISA\u2019s catalog this year include a trio in SonicWall Secure Mobile Access (SMA) 100 Appliances: a pair of operating system command injection vulnerabilities, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-44221\">CVE-2023-44221<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20035\">CVE-2021-20035<\/a>, and a critical deserialization of untrusted data vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-23006\">CVE-2025-23006<\/a>. <\/p>\n<p>The other vulnerability recently exploited in the wild, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53704\">CVE-2024-53704<\/a>, is an improper authentication defect in the secure sockets layer virtual private network (SSL\/VPN) mechanism in SonicWall SonicOS, the operating system that powers the company\u2019s latest firewalls.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-three-new-sonicwall-defects-emerge\">Three new SonicWall defects emerge<\/h5>\n<p>Earlier this week, the company disclosed and released patches for three new vulnerabilities \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32819\">CVE-2025-32819<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32820\">CVE-2025-32820<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32821\">CVE-2025-32821<\/a> \u2014 affecting SonicWall SMA 100 appliances. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ryan Emmons, security researcher at Rapid7, discovered the new vulnerabilities last month and shared details with SonicWall on May 2. SonicWall\u2019s security team acknowledged the disclosure in about 30 minutes and three days later shared a patch with Rapid7, which it validated as effective, Emmons said in a <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2025\/05\/07\/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025\/\">blog post<\/a>. <\/p>\n<p>SonicWall released a software update and published a security advisory for the vulnerabilities on Wednesday, five days after Rapid7 initially shared its findings with the company. For some SonicWall SMA 100 customers, it might have been too late.<\/p>\n<p>\u201cRapid7 believes that CVE-2025-32819 may have been exploited in the wild, based on internal investigations and known private indicators of compromise,\u201d Emmons told CyberScoop via email. \u201cWe haven\u2019t yet observed any signs that CVE-2025-32820 and CVE-2025-32821 are exploited in the wild. However, SMA 100 series appliances are popular, so it\u2019s likely that will change in the future.\u201d<\/p>\n<p>Attackers can exploit the three software defects and chain them together to achieve \u201cremote code execution as root on a SonicWall SMA 100 appliance, which is the highest level of privileges and control an attacker can establish on a device like that,\u201d Emmons said.<\/p>\n<p>An attacker doesn\u2019t need exceptional skills to reach that malicious goal. Cybercriminals can exploit CVE-2025-32819 once they gain access to any low-privilege user account on a vulnerable SonicWall SMA100, according to Emmons.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThat allows the attacker to delete a key file and reboot the SMA with a default administrator username and password,\u201d Emmons said. \u201cFrom there, they can use login and use the other two exploits to establish full control of the device.\u201d<\/p>\n<p>Matt Neiderman, chief strategy officer at SonicWall, told CyberScoop the company is unaware of any active exploitation of the three recently disclosed vulnerabilities \u2014 CVE-2025-32819, CVE-2025-32820 and CVE-2025-32821 \u2014 and SonicWall is working with Rapid7 to investigate further.<\/p>\n<p>\u201cWhile Rapid7 has published technical details and proof-of-concept exploits \u2014 currently we have no data to substantiate exploitation by malicious third parties \u2014 there is no indication from SonicWall that these specific vulnerabilities are being actively exploited in the wild,\u201d Neiderman said.<\/p>\n<p>\u201cGiven the availability of exploit code and the critical nature of these vulnerabilities, it\u2019s strongly recommended to apply the latest patches provided by SonicWall to mitigate potential risks,\u201d Neiderman added.<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-security-devices-are-under-attack\">Security devices are under attack<\/h4>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>SonicWall is among many network device vendors targeted by cybercriminals, and in every case it\u2019s the customers who use vulnerable VPNs, firewalls and routers that are directly impacted. <\/p>\n<p>One-third of all attacks in 2024 were linked to exploits, and the four most commonly exploited vulnerabilities were all contained in edge devices, Mandiant said in its <a href=\"https:\/\/cyberscoop.com\/mandiant-m-trends-2025\/\">M-Trends report<\/a> released last month. <\/p>\n<p>\u201cSince these sorts of Linux-based appliances have restricted operating systems, they virtually never have endpoint protection and response or strong logging capabilities set up, so they make a great alcove for attackers to operate from within the network,\u201d Emmons said.<\/p>\n<p>Customers of larger network device vendors such as Palo Alto Networks, Cisco and Fortinet have been impacted by multiple exploited vulnerabilities in their products since 2024. A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks\u2019 PAN-OS, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-3400\">CVE-2024-3400<\/a>, was the most frequently exploited defect across all of Mandiant\u2019s incident response engagements last year. <\/p>\n<p>A pair of defects affecting Ivanti Connect Secure VPN and Ivanti Policy Secure appliances \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-46805\">CVE-2023-46805<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-21887\">CVE-2024-21887<\/a> \u2014 were the next most frequently exploited vulnerabilities in 2024, according to Mandiant. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ivanti appears in CISA\u2019s KEV catalog more than any other firewall, VPN or router vendor over the past 17 months. Attackers have <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\">exploited five vulnerabilities in Ivanti products<\/a> so far this year, and 16 total since the beginning of 2024.<\/p>\n<p>Neiderman, as executives at other security device vendors have noted, said most of the SonicWall vulnerabilities exploited by attackers this year affect older technology. \u201cThese vulnerabilities relate primarily to legacy VPN appliances or SSL\/VPN, which have been targeted by threat actors across most vendors in the industry,\u201d he said.<\/p>\n<p>\u201cThe rise in actively exploited vulnerabilities across the cybersecurity landscape this year also reflects a broader industry challenge,\u201d Neiderman said. \u201cWe believe the increase in activity is a combination of the SMA (VPN) appliances being targeted by threat actors because VPN appliances for many vendors have been in the news as being vulnerable.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-will-vulnerabilities-push-sonicwall-to-secure-by-design\">Will vulnerabilities push SonicWall to secure-by-design? <\/h5>\n<p>Yet, there\u2019s one piece missing from SonicWall\u2019s commitment to bolster the security of its products. The company hasn\u2019t signed <a href=\"https:\/\/cyberscoop.com\/tag\/secure-by-design-2\/\">CISA\u2019s secure-by-design pledge<\/a>, which the federal agency unveiled last year to publicly spur vendors to accept more responsibility for the security of their products.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>More than 300 companies, including almost every major network device vendor \u2014 Palo Alto Networks, Cisco, Fortinet, Ivanti, Barracuda, Citrix and Check Point Software Technologies, among them \u2014 have <a href=\"https:\/\/www.cisa.gov\/securebydesign\/pledge\/secure-design-pledge-signers\">signed the pledge<\/a>.<\/p>\n<p>The voluntary public commitment puts the onus on vendors to include well-established security features into their technology by default. This includes multifactor authentication, a reduction of default passwords and entire classes of vulnerabilities that can be prevented at scale, and efforts to increase the installation of security updates by customers.<\/p>\n<p>\u201cSonicWall has implemented all of the core principles defined in the secure-by-design pledge, and fully supports its objectives and formally kicked off the process,\u201d Neiderman said. <\/p>\n<p>The company\u2019s latest gateway security appliances include security features by default, according to Neiderman. SonicWall announced an end-of-life for legacy SMA 100 series VPN appliances last year, and it recently rolled out a managed protection security suite as a default firewall license and service to ensure proper configuration and best practices, he added.<\/p>\n<p>\u201cUnmanaged and unpatched appliances are a liability,\u201d Neiderman said. \u201cManaged firewalls reduce the risk of breaches from newly discovered vulnerabilities.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Neiderman said SonicWall intends to formally sign the pledge, but he did not say when or explain why it hasn\u2019t already.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9755700325733\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SonicWall customers confront resurgence of actively exploited vulnerabilities | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2655,1209,1764,1765,282,78,452,2182,2659,3119,917,646,715,3353,256,3546,310,288,3542,643],"tags":[2656,668,1769,1770,286,86,454,2185,2661,3120,921,650,720,3357,262,4246,311,294,3545,645],"class_list":["post-7625","post","type-post","status-publish","format-standard","hentry","category-check-point","category-cisa","category-cisco","category-cve","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-edge-devices","category-exploit","category-firewall","category-fortinet","category-mandiant","category-palo-alto-networks","category-rapid7","category-research","category-sonicwall","category-technology","category-threats","category-virtual-private-network-vpn","category-vulnerabilities","tag-check-point","tag-cisa","tag-cisco","tag-cve","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-edge-devices","tag-exploit","tag-firewall","tag-fortinet","tag-mandiant","tag-palo-alto-networks","tag-rapid7","tag-research","tag-sonicwall","tag-technology","tag-threats","tag-virtual-private-network-vpn","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/check-point\/\" rel=\"category tag\">Check Point<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cve\/\" rel=\"category tag\">CVE<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/edge-devices\/\" rel=\"category tag\">edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sonicwall\/\" rel=\"category tag\">SonicWall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7625"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7625\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7625,"date":"2025-05-09T16:33:32","date_gmt":"2025-05-09T21:33:32","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84467"},"modified":"2025-05-09T16:33:32","modified_gmt":"2025-05-09T21:33:32","slug":"sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/09\/sonicwall-customers-confront-resurgence-of-actively-exploited-vulnerabilities\/","title":{"rendered":"SonicWall customers confront resurgence of actively exploited vulnerabilities"},"content":{"rendered":"