Ransomware

SonicWall Confirms No New SSL VPN Zero-Day — Ransomware Attack Linked to Old Vulnerability

SonicWall urges updating credentials and using SonicOS 7.3.0 after ransomware exploits old CVE flaw in SSLVPN products.

By Content Team

Aug 7, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

SonicWall has confirmed that recent ransomware attacks targeting its SSL VPN products weren't caused by a new zero-day vulnerability, but rather were the result of attackers exploiting the previously patched CVE-2024-40766 flaw. The attacks affected fewer than 40 customers and appear linked to legacy credentials left over during migrations from Generation 6 to Generation 7 firewalls.

Attackers exploited outdated or weak credentials that weren't updated during hardware upgrades. SonicWall is urging customers to immediately change their credentials and upgrade to SonicOS 7.3.0, which includes enhanced multi-factor authentication, login attempt lockouts, and stronger password policies to prevent future attacks.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cybercriminals Launch Lightning-Fast Ransomware Attacks in 24 Hours

Apr 8, 2026

Hundreds of Thousands Hit in Kensington and Chelsea Council Cyber Attack

Jan 15, 2026

North Korean Hackers Breach Popular Axios NPM Package in Supply Chain Attack

Apr 1, 2026

Ericsson Data Breach Exposes 15,000 People's Personal Information

Mar 10, 2026