SonicWall SSLVPN credential rotation and access hardening checklist
Advisory/Mitigation
Summary
SonicWall issued urgent mitigation steps for SSLVPN administrators after stolen, valid credentials were used against more than 100 accounts across 16 environments. The checklist tells administrators to reset local passwords and temporary access codes, rotate LDAP/RADIUS/TACACS+ secrets, and refresh IPSec and GroupVPN credentials. It also recommends restricting WAN management and remote access, limiting HTTP/HTTPS/SSH/SSL VPN, and enforcing multi-factor authentication until secrets are rotated.
Related Happenings
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
Vulnerability
First: 21.05.2026 00:19
Last: 21.05.2026 00:19
Sources 1
About this happening:
Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
AWS exposed-key hardening guidance for Amazon SES phishing abuse
Defensive Guidance
First: 04.05.2026 23:03
Last: 04.05.2026 23:03
Sources 1
About this happening:
**Kaspersky** urged organizations to harden **AWS IAM** and credential handling after **exposed access keys** were linked to phishing delivery through **Amazon SES**, reducing the...
Halcyon automotive ransomware mitigation guidance
Advisory/Mitigation
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
**Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Target Trend
First: 15.04.2026 12:30
Last: 15.04.2026 12:30
Sources 1
About this happening:
A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...
Forest Blizzard DNS hijacking token-theft campaign against older routers
Campaign
First: 07.04.2026 20:02
Last: 07.04.2026 20:02
Sources 1
About this happening:
Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...
Timeline
- 13.10.2025 18:58 · 1 article · 7mo ago
SonicWall SSLVPN credential abuse begins on October 4
Exploitation Observed
Threat actors using stolen, valid credentials began compromising SonicWall SSLVPN accounts on October 4, and follow-on activity included network scans and attempts to access local Windows accounts after authentication.
Sources:
- SonicWall VPN accounts breached using stolen creds in widespread attacks — www.bleepingcomputer.com — 13.10.2025 18:58
- 13.10.2025 18:58 · 1 article · 7mo ago
SonicWall SSLVPN campaign remains active on October 10
Campaign Scope Update
The SonicWall SSLVPN credential-abuse campaign was still ongoing on October 10 and had impacted over 100 accounts across 16 environments, with most malicious requests originating from 202.155.8[.]73.
Sources:
- SonicWall VPN accounts breached using stolen creds in widespread attacks — www.bleepingcomputer.com — 13.10.2025 18:58
- 13.10.2025 18:58 · 2 articles · 7mo ago
SonicWall SSLVPN administrators get emergency credential-rotation guidance
Mitigation Patch Update
SonicWall administrators are instructed to reset local user passwords and temporary access codes, rotate LDAP, RADIUS, and TACACS+ passwords, update IPSec site-to-site, GroupVPN, and WAN interface secrets, restrict WAN management and remote access, limit HTTP, HTTPS, SSH, and SSL VPN until secrets are rotated, revoke external API keys, dynamic DNS, SMTP/FTP, and automation secrets, and enforce multi-factor authentication before staged service reintroduction.
Sources:
- SonicWall VPN accounts breached using stolen creds in widespread attacks — www.bleepingcomputer.com — 13.10.2025 18:58
- SonicWall VPN accounts breached using stolen creds in widespread attacks — www.bleepingcomputer.com — 13.10.2025 18:58