SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices | CyberScoop<\/title> <meta name=\"description\" content=\"Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sonicwall-sma100-attacks\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices\"> <meta property=\"og:description\" content=\"Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sonicwall-sma100-attacks\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-07-16T17:52:40+00:00\"> <meta property=\"article:modified_time\" content=\"2025-07-16T17:52:41+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1752617143g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1752075323g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85202\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85202\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-sma100-attacks%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-sma100-attacks%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85202 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sonicwall-sma100-attacks\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.64533820841\">\n<div class=\"single-article__header-content\" readability=\"36.659751037344\">\n<p> Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85202\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"SonicWall headquarters\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg 4978w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> SonicWall’s headquarters in Milpitas, California. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"50.647482014388\"><body readability=\"105.08041418815\"><\/p>\n<p>A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/sonicwall-secure-mobile-access-exploitation-overstep-backdoor\">report<\/a> released Wednesday.<\/p>\n<p>The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices the <a href=\"https:\/\/assets.contentstack.io\/v3\/assets\/blt281ecbfc2563bf9b\/bltc71bbfa9cc10d919\/6863bdd8cc0ae53a2c4c6dee\/SMA_TradeUp_OnePager_EndUser_4-2.pdf\">vendor stopped selling and supporting<\/a> earlier this year. UNC6148 is likely intruding networks to steal data for extortion and possibly deploy ransomware, according to researchers.<\/p>\n<p>The attacks stress the <a href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\">consistent risk SonicWall customers have confronted<\/a> via exploited vulnerabilities, especially a series of defects affecting the outdated SonicWall SMA 100 series devices.<\/p>\n<p>The vendor appears 14 times on the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=All&url=&f%5B0%5D=vendor_project%3A839\">known exploited vulnerabilities catalog<\/a> since late 2021. Half of those exploited vulnerabilities affect SonicWall SMA 100 appliances, including three of the four defects added to CISA\u2019s catalog this year. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIn response to the evolving threat landscape \u2014 and in alignment with our commitment to transparency and customer protection \u2014 SonicWall plans to accelerate the end-of-support date for the SMA 100,\u201d Bret Fitzgerald, senior director of global communications at SonicWall, told CyberScoop.<\/p>\n<p>\u201cSonicWall has been actively guiding customers toward more modern, secure solutions such as our Cloud Secure Edge service and the SMA 1000 series,\u201d he added<\/p>\n<p>\u201cWe understand that not all customers have transitioned yet, and we remain committed to supporting existing SMA 100 deployments with firmware updates throughout the remaining lifecycle. These updates may become more frequent as we prioritize risk mitigation and the ongoing protection of our user base,\u201d Fitzgerald said.<\/p>\n<p>Google said it lacks evidence for the initial infection vector UNC6148 used to access SonicWall devices because the threat group\u2019s malware selectively removes log entries. Yet, researchers said several vulnerabilities could have been exploited by UNC6148, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-20038\">CVE-2021-20038<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-38475\">CVE-2024-38475<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-20035\">CVE-2021-20035<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-20039\">CVE-2021-20039<\/a> or <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32819\">CVE-2025-32819<\/a>.<\/p>\n<p>\u201cUNC6148 may have used one of the mentioned CVEs to obtain administrator credentials prior to the targeted appliance being updated to the latest firmware version (10.2.1.15-81sv), and then used them to later establish a VPN session before possibly exploiting another unknown vulnerability after the appliance was fully updated,\u201d Zander Work, senior security engineer at Google Threat Intelligence Group, said in an email.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cHowever, there was insufficient forensic data to confirm this for incidents that we have investigated to date,\u201d Work added.<\/p>\n<p>Insights into post-compromise activities are also limited. \u201cWe believe that UNC6148 may conduct data theft for extortion or possibly ransomware deployment as the end-stage goal of their intrusions, but haven\u2019t been able to confirm this due to limited investigative insights at this time,\u201d Work said.<\/p>\n<p>One of UNC6148\u2019s targeted victims appeared on the World Leaks data leak site in June, and the threat group\u2019s activity overlaps with SonicWall exploitation in late 2023 and early 2024, including attacks involving the deployment of Abyss-branded ransomware, according to Google.<\/p>\n<p>Exploited SonicWall defects are popular vectors for ransomware, with the majority of the vendor\u2019s CVEs on CISA\u2019s catalog \u2014 9 out of 14 \u2014 known to be used in ransomware campaigns, according to the federal agency.<\/p>\n<p>Mandiant learned more about UNC6148\u2019s technical operations during an investigation into an attack in June. In that attack, UNC6148 established a SSL VPN session on a SMA 100 series appliance using local administrator credentials before it deployed a reverse shell through unknown means.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The reverse shell allowed the threat group to perform reconnaissance, manipulate files, and export and import settings to the SMA 100 appliance, before it deployed the OVERSTEP backdoor, which Google shared technical details about in its report.<\/p>\n<p>The investigation helped Google \u201clearn more about how [UNC6148] may leverage previously compromised SonicWall appliances for further intrusion operations, even after organizations have applied security updates,\u201d Work said.<\/p>\n<p>Google and SonicWall declined to say how many SonicWall SMA 100 devices have been abused by UNC6148, nor how many organizations have been impacted by this ongoing campaign.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9776119402985\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/07\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sonicwall-sma100-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SonicWall customers hit by fresh, ongoing attacks targeting fully patched<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,452,3729,281,1766,46,256,3546,288,3542,643],"tags":[286,86,454,3731,285,1771,54,262,4246,294,3545,645],"class_list":["post-7807","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-google-threat-intelligence-group","category-hacking","category-known-exploited-vulnerabilities-kev","category-ransomware","category-research","category-sonicwall","category-threats","category-virtual-private-network-vpn","category-vulnerabilities","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-google-threat-intelligence-group","tag-hacking","tag-known-exploited-vulnerabilities-kev","tag-ransomware","tag-research","tag-sonicwall","tag-threats","tag-virtual-private-network-vpn","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sonicwall\/\" rel=\"category tag\">SonicWall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7807"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7807\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7807,"date":"2025-07-16T12:52:40","date_gmt":"2025-07-16T17:52:40","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85202"},"modified":"2025-07-16T12:52:40","modified_gmt":"2025-07-16T17:52:40","slug":"sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/07\/16\/sonicwall-customers-hit-by-fresh-ongoing-attacks-targeting-fully-patched-sma-100-devices\/","title":{"rendered":"SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices"},"content":{"rendered":"