Ransomware affiliates are exploiting a critical vulnerability in SonicWall SonicOS firewalls, CVE-2024-40766, affecting Gen 5, 6, and 7 devices, to breach networks via the SSLVPN feature. Although patched on August 22, SonicWall recently confirmed the flaw is now being actively exploited, with Arctic Wolf linking the attacks to Akira ransomware affiliates. Affected devices had local accounts with MFA disabled, and the compromised firmware versions were vulnerable. CISA has ordered federal agencies to patch by September 30, and SonicWall urges immediate updates, restricted access, and MFA use to mitigate further attacks.