SonicWall firewalls hit by active mass exploitation of suspected zero-day | CyberScoop<\/title> <meta name=\"description\" content=\"About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sonicwall-firewalls-attack-spree-zero-day\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"SonicWall firewalls hit by active mass exploitation of suspected zero-day\"> <meta property=\"og:description\" content=\"About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sonicwall-firewalls-attack-spree-zero-day\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-08-05T23:30:20+00:00\"> <meta property=\"article:modified_time\" content=\"2025-08-05T23:30:23+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754419985g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1753141563g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85465\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85465\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-firewalls-attack-spree-zero-day%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsonicwall-firewalls-attack-spree-zero-day%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85465 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sonicwall-firewalls-attack-spree-zero-day\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.409465020576\">\n<div class=\"single-article__header-content\" readability=\"34.289786223278\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/sonicwall-firewalls-attack-spree-zero-day\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85465\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"SonicWall headquarters\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg 4978w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> SonicWall’s headquarters in Milpitas, California. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"39.570206551221\"><body readability=\"83.172588832487\"><\/p>\n<p>SonicWall warned customers to disable encryption services on Gen 7 firewalls in the wake of an active attack spree targeting a yet-to-be identified vulnerability affecting a critical firewall service. Attacks have increased notably since Friday, the company said in a <a href=\"https:\/\/www.sonicwall.com\/support\/notices\/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity\/250804095336430\">blog post<\/a>.<\/p>\n<p>Threat hunters and incident responders from Arctic Wolf, Google and Huntress have observed a wave of ransomware attacks beginning as early as July 15. Mounting evidence points to a zero-day vulnerability affecting the secure sockets layer (SSL) VPN protocol as the initial attack vector.<\/p>\n<p>\u201cA financially motivated threat actor is actively compromising victim environments and deploying Akira ransomware,\u201d Charles Carmakal, CTO at Mandiant Consulting, said in a <a href=\"https:\/\/www.linkedin.com\/posts\/charlescarmakal_gen-7-sonicwall-firewalls-sslvpn-recent-activity-7358432610328403968-m6Ch\/\">LinkedIn post<\/a> Tuesday. \u201cThe speed and scale of the compromises suggests a potential zero-day vulnerability in SonicWall Gen 7 firewalls.\u201d<\/p>\n<p>SonicWall said an ongoing investigation has yet to determine if the attacks involve a previously disclosed vulnerability or a zero-day. \u201cIf a new vulnerability is confirmed, we will release updated firmware and guidance as quickly as possible,\u201d Bret Fitzgerald, senior director of global communications at SonicWall, told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers from multiple security companies confirmed attackers have intruded and compromised customer networks, even in environments with multi-factor authentication enabled.<\/p>\n<p>Attackers are moving swiftly, pivoting directly to domain controllers within hours and deploying ransomware after short dwell times, Huntress said in a <a href=\"https:\/\/www.huntress.com\/blog\/exploitation-of-sonicwall-vpn\">threat advisory<\/a> Monday. The company said it has observed about 20 attacks, occurring in almost daily bursts, starting July 25.<\/p>\n<p>Huntress said post-compromise techniques span a mix of automated scripts and hands-on keyboard activities prior to Akira ransomware deployment. This includes the abuse of privileged accounts for administrative access, backdoor implants, lateral movements to steal credentials from multiple databases and a methodical disablement of security tools and firewalls. <\/p>\n<p>Multiple attackers have gained access to internal networks via SonicWall devices. While there are some similarities across the various attacks, Huntress also noted some differences, suggesting multiple threat groups might be involved or attackers are adapting to situations upon gaining access. <\/p>\n<h5 class=\"wp-block-heading\" id=\"h-sonicwall-a-repeat-offender\"><strong>SonicWall, a repeat offender<\/strong><\/h5>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The active mass exploitation targeting SonicWall firewalls underscores the <a href=\"https:\/\/cyberscoop.com\/sonicwall-exploited-vulnerabilities-surge\/\">persistent risk the vendor\u2019s customers have confronted<\/a> for years. SonicWall has 14 entries on the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=All&url=&f%5B0%5D=vendor_project%3A839\">known exploited vulnerabilities catalog<\/a> since late 2021.<\/p>\n<p>The more recent and ongoing attacks are targeting a next-generation firewall, unlike last month\u2019s series of financially motivated attacks targeting organizations using fully patched, but outdated SonicWall Secure Mobile Access 100 series appliances. Half of the exploited vulnerabilities on CISA\u2019s catalog affect SonicWall SMA 100 appliances, including three of the four defects actively exploited this year. <\/p>\n<p>SonicWall\u2019s recommendation to disable SSLVPN on Gen 7 firewalls, which allows users to establish encrypted connections to the corporate network, serves as an acknowledgment that the critical service can\u2019t be trusted to serve its primary purpose. Many organizations require employees to access their corporate network via VPN.<\/p>\n<p>SonicWall\u2019s SSLVPN was the root of the problem in at least three actively exploited vulnerabilities on CISA\u2019s known exploited vulnerabilities catalog, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-53704\">CVE-2024-53704<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-44221\">CVE-2023-44221<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2021-20016\">CVE-2021-20016<\/a>. <\/p>\n<p>Akira ransomware impacted more than 250 organizations, claiming about $42 million in extortion payments from March 2023 to January 2024, CISA said in an <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-109a\">advisory<\/a> last year. Officials said Akira operators steal data and encrypt systems before threatening to publish data. Some Akira affiliates have also called victimized companies to apply further pressure, according to the FBI.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>An investigation into the root cause of the attacks and origins of those responsible is ongoing.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.775572519084\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sonicwall-firewalls-attack-spree-zero-day\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SonicWall firewalls hit by active mass exploitation of suspected zero-day<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,452,2659,669,3119,1766,46,256,3546,3663,310,288,3542,643,2281,1170],"tags":[286,86,454,2661,671,3120,1771,54,262,4246,3665,311,294,3545,645,2283,1171],"class_list":["post-7870","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-exploit","category-federal-bureau-of-investigation-fbi","category-firewall","category-known-exploited-vulnerabilities-kev","category-ransomware","category-research","category-sonicwall","category-ssl","category-technology","category-threats","category-virtual-private-network-vpn","category-vulnerabilities","category-vulnerability","category-zero-days","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-exploit","tag-federal-bureau-of-investigation-fbi","tag-firewall","tag-known-exploited-vulnerabilities-kev","tag-ransomware","tag-research","tag-sonicwall","tag-ssl","tag-technology","tag-threats","tag-virtual-private-network-vpn","tag-vulnerabilities","tag-vulnerability","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sonicwall\/\" rel=\"category tag\">SonicWall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ssl\/\" rel=\"category tag\">SSL<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/virtual-private-network-vpn\/\" rel=\"category tag\">virtual private network (VPN)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7870","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7870"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7870\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7870"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7870"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7870"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7870,"date":"2025-08-05T18:30:20","date_gmt":"2025-08-05T23:30:20","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85465"},"modified":"2025-08-05T18:30:20","modified_gmt":"2025-08-05T23:30:20","slug":"sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/08\/05\/sonicwall-firewalls-hit-by-active-mass-exploitation-of-suspected-zero-day\/","title":{"rendered":"SonicWall firewalls hit by active mass exploitation of suspected zero-day"},"content":{"rendered":"