Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks www.theregister.com/2025/09/1…
Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-old bug.
The attacks are tied to CVE-2024-40766, a 9.8 CVSS-rated improper access control flaw originally disclosed in August 2024. Both Akira and Fog ransomware criminals used this CVE last year to gain initial access to victim orgs, and last month SonicWall said not all companies took the needed steps to mitigate the issue.
Rapid7 warned that SonicWall’s updated guidance around CVE-2024-40766 can present an additional security risk if customers use the default LDAP group configurations, which can over-provision access to the SSLVPN services.