Zero-day vulnerability in Sonicwall SSL VPN is attacked | heise online

Sonicwall is releasing updates to address four vulnerabilities in SonicOS, including an actively exploited authentication bypass in the SSL VPN. The updates, scheduled for January 7th, will close these security gaps and are recommended for all affected Sonicwall firewalls.