Attackers exploit SonicWall VPN vulnerability to bypass MFA

SCM feed for Latest
Actively Exploited

Overview

A newly discovered vulnerability, identified as CVE-2024-12802, affects SonicWall Gen6 SSL-VPN appliances. This security flaw allows attackers to bypass multi-factor authentication (MFA) by using a specific user principal name (UPN) login format. Organizations using these appliances could be at risk, as this vulnerability may enable unauthorized access to sensitive systems. Companies that rely on SonicWall for secure remote access should take immediate action to assess their exposure to this threat. Given the critical role of MFA in securing remote connections, this issue underscores the need for vigilance and prompt remediation.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: SonicWall Gen6 SSL-VPN appliances
  • Action Required: Users should review their SonicWall configurations and apply any available patches.
  • Timeline: Newly disclosed

Original Article Summary

The vulnerability, CVE-2024-12802, allows threat actors to bypass MFA on SonicWall Gen6 SSL-VPN appliances by using a specific user principal name (UPN) login format.

Impact

SonicWall Gen6 SSL-VPN appliances

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should review their SonicWall configurations and apply any available patches. It is recommended to monitor for unusual login attempts and to consider additional security measures until a patch is implemented.


Related Coverage

Trump postpones executive order focused on AI security

CyberScoop

Former President Trump has decided to delay an executive order aimed at enhancing security measures surrounding artificial intelligence. The proposed order would have required federal agencies, including the NSA and the Treasury Department, to evaluate new AI models for potential cybersecurity and national security risks within a 90-day timeframe. This postponement raises concerns about the government's ability to address the growing complexities of AI technology in relation to security. As AI continues to evolve, the need for clear guidelines and assessments becomes increasingly urgent to protect sensitive data and national interests. The implications of this delay could impact how swiftly the government can adapt to emerging threats posed by advanced technologies.

May 21, 2026

Teenager from Odesa suspected of running infostealer malware operation

SCM feed for Latest

A teenager from Odesa is under investigation for allegedly operating an infostealer malware campaign from 2024 to 2025. The malware was designed to infect user devices, targeting browser sessions and stealing account credentials. This operation could have affected a significant number of users, as information-stealing malware is common and can lead to identity theft and financial loss. The case highlights ongoing cybersecurity challenges, particularly with young individuals engaging in malicious activities online. Authorities are taking this incident seriously, as it raises concerns about the growing trend of cybercrime among teenagers.

May 21, 2026

CISA chief frets about open-source vulnerabilities, delayed security improvements

CyberScoop

Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), expressed concerns about the rising vulnerabilities in open-source software amidst a surge of malware attacks. These attacks are targeting publicly available technologies that developers often use for collaboration. Andersen emphasized that many organizations are delaying necessary security improvements, which puts them at greater risk. The reliance on open-source tools without adequate security measures can lead to significant breaches, affecting not only individual organizations but also the broader tech ecosystem. As more companies adopt open-source solutions, the need for stronger security practices becomes urgent.

May 21, 2026

Cybercriminal VPN Dismantled in Europol Crackdown

Infosecurity Magazine

Europol has successfully dismantled First VPN, a virtual private network service that was reportedly used by ransomware groups and online fraudsters. This operation aimed to disrupt the infrastructure that allowed cybercriminals to operate anonymously while committing various cybercrimes, including extortion and identity theft. By taking down this VPN, Europol has made it more challenging for these actors to hide their identities and conduct illicit activities. The operation is part of a broader effort to combat cybercrime across Europe, which has seen an increase in ransomware incidents and online fraud. This crackdown serves as a reminder of the ongoing battle against cybercriminals who exploit technology to evade law enforcement.

May 21, 2026

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

Infosecurity Magazine

A recent security incident has revealed that a threat actor compromised a developer associated with the Nx framework and then impersonated a legitimate maintainer to publish a malicious extension on the Visual Studio Marketplace. This extension, known as 'Nx Console', posed a significant risk to users of Visual Studio Code by potentially allowing attackers to execute harmful code on their systems. Developers who installed this extension may have inadvertently exposed their projects and sensitive data to exploitation. The incident raises concerns about the security of third-party extensions and the need for developers to be vigilant about the tools they use. Users are advised to review their installed extensions and ensure they have not inadvertently installed the malicious version.

May 21, 2026

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

The Hacker News

Researchers have identified a new piece of Linux malware called Showboat, which has been targeting a telecommunications provider in the Middle East since at least mid-2022. This malware acts as a modular framework that allows attackers to gain remote access to systems, transfer files, and create a SOCKS5 proxy for further exploitation. The use of such a backdoor poses significant risks to the telecommunications infrastructure, potentially compromising sensitive data and disrupting services. As the attack has been ongoing for over a year, it raises concerns about the security measures in place within the affected organization and signals a growing trend of targeted attacks on critical sectors. Companies in similar industries should be vigilant and enhance their security protocols to protect against such sophisticated threats.

May 21, 2026