This long-exposed SonicWall flaw is being used to infect organizations with Akira ransomware - so patch now

• Akira ransomware is exploiting a year-old SonicWall SSLVPN flaw, targeting unpatched Gen5–Gen7 firewalls
• Attackers also abuse default LDAP group settings and public access to the Virtual Office Portal
• Rapid7 warns that Akira combines multiple weaknesses, urging businesses to patch systems

A vulnerability in SonicWall’s SSLVPN instances, discovered and patched more than a year ago, is now being abused by Akira ransomware operators, security researchers are warning.

The miscreants are going after companies that did not yet apply the patch, or otherwise mitigate the risk.

In a newly published security advisory, experts from Rapid7 said that an improper access control vulnerability for SSLVPN, affecting Gen5, Gen6, and Gen7 firewall appliances, has seen an uptick in abuse, starting in August 2025.