17 Jul, 2025
Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials
@Source: techradar.com
Ellen Jennings-Trace, 17 July 2025

The vulnerability is fully patched, but criminals are still finding a way

A threat actor has used a patched vulnerability in SonicWall software
The group is tracked as UNC6148
This allowed UNC6148 to potentially steal credentials and deploy ransomware

A financially motivated threat actor, tracked by Google’s Threat Intelligence Group as UNC6148, has been observed targeting patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. These attacks, Google determines with ‘high confidence’, use credentials and one-time password (OTP) seeds that were obtained through previous intrusions, which has allowed the actor to regain access even after organizations have updated their security.
Google says with ‘moderate confidence’ that a zero-day remote code execution vulnerability was used to deploy OVERSTEP on the targeted SonicWall SMA appliances. The threat intelligence group also “assesses with moderate confidence that UNC6148's operations, dating back to at least October 2024, may be to enable data theft and extortion operations, and possibly ransomware deployment.”

The previously unknown persistent backdoor/user-mode rootkit, OVERSTEP, was deployed by the actor. This malware modifies the appliance’s boot process to allow persistent access, steal sensitive credentials, and then hide its own components.

“An organization targeted by UNC6148 in May 2025 was posted to the "World Leaks" data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly reported SonicWall exploitation from late 2023 and early 2024 that has been publicly linked to the deployment of Abyss-branded ransomware (tracked by GTIG as VSOCIETY),” Google continued.

Earlier in 2025, SonicWall firewalls were hit by a worrying cyberattack, in which a vulnerability was leveraged by threat actors to gain access to target endpoints, interfere with the VPN, and further disrupt the target.

These attacks highlight the importance of updating software as soon as patches become available. Organizations which fail to keep on top of system updates can be left vulnerable to known exploits. If that is too daunting a task, take a look at our choices for the best patch management software for a helping hand.
Copyright © 2025 Usfijitimes. All Rights Reserved.