SonicWall initially reported a suspected zero-day vulnerability in its Gen 7 firewalls' SSL VPNs exploited by Akira ransomware in over 20 confirmed attacks, targeting domain controllers and bypassing multi-factor authentication. However, SonicWall later clarified that the vulnerability exploited was not a zero-day but a previously patched flaw from 2024. Customers were advised to disable SSL VPNs as a precaution.

Concurrently, Trend Micro confirmed active exploitation of a critical zero-day command injection vulnerability in its Apex One on-premise management console, prompting the release of a mitigation tool.

Additionally, Microsoft disclosed a critical Exchange Server vulnerability (CVE-2025-53786) affecting hybrid cloud environments, allowing attackers to silently escalate privileges from on-premises Exchange servers to cloud setups without generating logs. The Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft issued warnings about this flaw, highlighting the risk it poses to hybrid cloud infrastructures.

Separately, over 6,500 Axis servers, including 4,000 in the U.S., were reported vulnerable to exploits due to exposed remoting protocols.

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw https://t.co/ibQVgMngmo
Startup Spotlight: Twine Security Tackles the Execution Gap: https://t.co/Ve6kdG6aIl by darkreading #infosec #cybersecurity #technology #news
A bug allows crooks to move from on-prem to the cloud and wreak havoc. https://t.co/T6W8onTs1C