Inc Ransomware Exploits SonicWall SMA Zero-Days
When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall's mobile access appliances.
Root access gives an attacker or administrator complete control of a Unix-like system, allowing changes to data, software, accounts, and security settings.
Search across headline titles and summaries.
Background for this topic.
Root access is unrestricted administrative control of a Unix or Linux system. The root account, or an equivalent privilege obtained through mechanisms such as sudo, can read or change nearly any file, alter system configuration, install software, and control running processes. Related uses of “root” may describe equivalent administrator privileges in containers, cloud workloads, network appliances, or mobile devices.
Because root privileges can bypass ordinary access controls, stolen administrative credentials or a vulnerability that enables privilege escalation can let an attacker modify security settings, access protected data, establish persistence, or disrupt the host. Organizations generally reduce exposure by disabling direct root login where practical, using named administrator accounts with least privilege, protecting privileged authentication with strong controls, and recording and reviewing elevation events. Vulnerability management should prioritize flaws that can grant local or remote root-level execution; during an incident, investigators must assess whether root access was obtained and treat the host’s integrity as potentially compromised.
Weekly headline count for the current query.
When chained together, the two vulnerabilities allow threat actors to gain root-level capabilities on SonicWall's mobile access appliances.
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.
The number of concerning vulnerabilities may be much smaller than organizations think, and this cybersecurity startup aims to narrow down the list to the most critical ones.
Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.
How to win the battle with root cause analysis and a data-driven approach.
A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.
The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.
Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
The vulnerability, tracked as CVE-2024-20253, makes enterprise communications infrastructure and customer service call centers sitting ducks for unauthenticated cyberattackers.
The root cause may lie in set-top boxes run by a questionable service provider.
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.