September 11, 2025 By Zeljka Zorz
Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it.
Like last September and earlier this year, the attackers are affiliates of the Akira ransomware-as-a-service outfit.
The July 2025 surge in attacks was, according to SonicWall, facilitated by the fact that organizations has migrated from Gen 6 to Gen 7 firewalls but did not reset local user passwords (as advised by the firewall maker).
This time around, Akira affiliates are also leveraging other firewall-related “tricks”.
