SonicWall SMA 100 rootkit-removal firmware 10.2.2.2-92sv
Security Patch Release
Summary
SonicWall released SMA 100 10.2.2.2-92sv firmware to remove known rootkit malware from SMA 210, 410, and 500v devices. The build includes additional file checking to disrupt malware persistence on affected appliances. SonicWall strongly recommends the upgrade after attacks on the platform were tied to OVERSTEP on end-of-life devices.
Related Happenings
Coruna iOS mass exploitation wave
Exploitation Wave
First: 04.03.2026 15:28
Last: 04.03.2026 15:28
Sources 1
About this happening:
The **Coruna** exploit kit marks the **first observed mass exploitation against iOS devices**, shifting risk from highly targeted spyware to **broad deployment** against **iPhone...
BRICKSTORM backdoor activity and GRIMBOLT replacement on appliances
Malware Activity
First: 18.02.2026 12:32
Last: 18.02.2026 12:32
Sources 1
About this happening:
**BRICKSTORM** is a **Golang backdoor** used by **PRC state-sponsored actors** to keep **long-term persistence** on **VMware vSphere**, **Windows**, and appliance environments. **...
EDR killer abusing EnPortv.sys to disable 59 security tools
Malware Activity
First: 04.02.2026 16:17
Last: 04.02.2026 16:17
Sources 1
About this happening:
A custom **EDR killer** abused **EnPortv.sys** to disable endpoint security tools on infected Windows hosts, creating a window for follow-on intrusion activity. The 64-bit executa...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data Leak
First: 29.01.2026 19:57
Last: 29.01.2026 19:57
Sources 1
About this happening:
**SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
VMware ESXi exploit toolkit analysis with YARA/Sigma detections
Technical Analysis
First: 08.01.2026 23:27
Last: 08.01.2026 23:27
Sources 1
About this happening:
Huntress analyzed a **December 2025** **VMware ESXi exploit toolkit** that likely enabled **guest-to-hypervisor escape** and **post-exploitation** on **ESXi hosts**. The chain was...
Timeline
- 23.09.2025 16:15 · 2 articles
SonicWall releases SMA 100 10.2.2.2-92sv
Mitigation Patch Update
SonicWall released SMA 100 10.2.2.2-92sv with additional file checking to remove known rootkit malware from SMA 210, 410, and 500v devices, and strongly recommended upgrading after Google Threat Intelligence Group (GTIG) reported UNC6148 deploying OVERSTEP on end-of-life SMA 100 devices that will reach end-of-support on October 1, 2025.
Sources
- SonicWall releases SMA100 firmware update to wipe rootkit malware — www.bleepingcomputer.com — 23.09.2025 16:15
- SonicWall releases SMA100 firmware update to wipe rootkit malware — www.bleepingcomputer.com — 23.09.2025 16:15