CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

Blog

Byadmblake April 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection

Blog

Nation-State ‘Paragon’ Spyware Infections Target Civil Society

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

Blog

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved

Post Content

Blog

Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named “schtasks.exe,” which enables an administrator to create, delete,…

Blog

Apple Drops iCloud’s Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users’ trusted devices retain sole access to the encryption keys…

Blog

China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack

The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.

Blog

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

The authentication bypass vulnerability in the OS for the company’s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

Related