{"vulnerability": "CVE-2026-15409", "sightings": [{"uuid": "f5f20f4f-2531-4773-93b1-209b8e374978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b", "content": "SonicWall\u306eSMA\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u304c\u30bc\u30ed\u30c7\u30a4\u653b\u6483\u306e\u6a19\u7684\u306b(CVE-2026-15409\u3001CVE-2026-15410)\n\nSonicWall\u306f\u3001\u540c\u793e\u306eSecure Mobile Access(SMA)1000\u30b7\u30ea\u30fc\u30ba\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3059\u3001\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b2\u4ef6\u306e\u8106\u5f31\u6027(CVE-2026-15409\u3001CVE-2026-15410)\u3092\u4fee\u6b63\u3057\u307e\u3057\u305f\u3002\u9867\u5ba2\u4f01\u696d\u306b\u5bfe\u3057\u3066\u306f\u3001\u4fee\u6b63\u6e08\u307f\u306e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u30d0\u30fc\u30b8\u30e7\u30f3\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec...", "creation_timestamp": "2026-07-14T17:48:47.016674Z"}, {"uuid": "a69ac70a-2b4a-4bfb-aac1-666e3d19748d", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/34c85e31-e0d4-4c40-9da2-bd1a5ce5c375", "content": "", "creation_timestamp": "2026-07-14T19:00:30.626227Z"}, {"uuid": "465a2268-8045-417a-a985-23a3d54089f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u", "content": "SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)\n\nwww.helpnetsecurity.com/2026/07/14/s...\n\n#Kyberturvallisuus #Haavoittuvuus #AktiivinenHyv\u00e4ksik\u00e4ytt\u00f6", "creation_timestamp": "2026-07-14T18:59:52.376989Z"}, {"uuid": "abd3a802-db45-4e45-9df5-3adc8f1f31b7", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3ba534d7-8ca3-421b-ab0d-616a88c91a62", "content": "", "creation_timestamp": "2026-07-14T20:00:01.655246Z"}, {"uuid": "ddd62e4f-cf57-4ac2-a945-cba6853cbddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mqmzrvb4nk22", "content": "\ud83d\uded1 CVE-2026-15409\nSonicWall SMA1000 Appliances\nKEV: No\nTL;DR: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Wor\u2026\nhttps://cvesentinel.com/report/CVE-2026-15409?utm_source=bluesky&amp;utm_medium=social&amp;utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-07-14T20:20:22.675074Z"}, {"uuid": "32c02e9e-ae9f-44b4-9da4-a717967f7465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mqmzrzarrr22", "content": "\ud83d\udd34 EXPLOITED\n\nSonicWall SMA 1000 remote-access gateways have two zero-day flaws under active attack.\n\nA firmware patch alone will not clean an already-hit box.\n\nRe-image, rotate passwords, reset TOTP codes. (CVE-2026-15409/15410)", "creation_timestamp": "2026-07-14T20:20:27.237379Z"}, {"uuid": "00f1f8c3-501d-4561-ab71-9cb7954ccd2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6989989", "content": "2026-07-14: [CVE-2026-15409] SonicWall SMA1000 Appliances Server-Side Request Forgery VulnerabilitySonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location.\ncisakev", "creation_timestamp": "2026-07-14T20:37:28.167335Z"}, {"uuid": "d2d07411-9e19-4665-baf1-5a6444e8562c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/bleepingcomputer.com/post/3mqn5d4tfmq27", "content": "SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as\u00a0CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.", "creation_timestamp": "2026-07-14T21:23:42.208155Z"}, {"uuid": "5109f5a9-5753-4220-b753-30ab6a990a09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mqn5waifn22o", "content": "\ud83d\udea8 Breaking: SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now\nSonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to\u2026\n\n\ud83d\udd17 https://hnow.live/a/bd61cd04", "creation_timestamp": "2026-07-14T21:34:23.610401Z"}, {"uuid": "cbae7604-d98f-4029-b6fb-0d59a8bebf9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqna56y7fi2d", "content": "CVE-2026-15409 - sma1000 appliances [known exploited]\nA security issue in SonicWall SMA1000 Appliances could allow an attacker to trick the device into accessing unauthorized websites or\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#sma1000appliances #sonicwall #CVE #infosec", "creation_timestamp": "2026-07-14T22:14:04.310970Z"}, {"uuid": "028c5d66-f443-4b43-a15b-b5609eba3f77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqnaggxaoy2f", "content": "\ud83e\udd16 SonicWall: two SMA1000 zero-days (CVE-2026-15409, CVE-2026-15410) exploited in the wild. Patches released \u2014 apply now.\nhttps://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/", "creation_timestamp": "2026-07-14T22:19:15.579063Z"}, {"uuid": "a716e437-44b7-435a-aa07-935a65868dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://t.me/BleepingComputer/25109", "content": "\u200aSonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now\n\nSonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as\u00a0CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. [...]\n\nhttps://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/", "creation_timestamp": "2026-07-14T23:00:05.132536Z"}, {"uuid": "3b4b4dee-dd35-4ba4-bb14-a3ec6527d8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqnefpclnf2a", "content": "SonicWall reports active zero-day exploitation of SMA1000 flaws CVE-2026-15409 and CVE-2026-15410. CISA has added both to KEV, and affected devices may need re-imaging if compromised. #SonicWall #SMA1000 #CISA", "creation_timestamp": "2026-07-14T23:30:25.929256Z"}, {"uuid": "6d0ee887-b781-4ebf-8903-2aca2fe69f8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://t.me/BleepingComputer/25109", "content": "\u200aSonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now\n\nSonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as\u00a0CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. [...]\n\nhttps://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/", "creation_timestamp": "2026-07-15T00:00:05.993819Z"}, {"uuid": "aea646af-4247-4194-b715-25e8b54c6456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqng6u6m3s2a", "content": "SonicWall SMA1000 SSRF flaw CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Upgrade to hotfix 12.4.3-03453 or 12.5.0-02835 now.\n\n#SonicWall #SMA1000 #SSRF #CVE202615409 #CyberSecurity", "creation_timestamp": "2026-07-15T00:02:22.863076Z"}, {"uuid": "e7ba1719-f052-4ffa-b068-292aa68f51b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/sonicwall-security-advisory-av26-699", "content": "", "creation_timestamp": "2026-07-15T00:15:08.162819Z"}, {"uuid": "7deaec81-0da6-4bad-a95a-9861aaf2aa7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/sonicwall-sma1000-series-products-multiple-vulnerabilities_20260715", "content": "", "creation_timestamp": "2026-07-15T05:15:07.777656Z"}, {"uuid": "42a65bf8-d30d-43fb-a42a-45e7751b2f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqnztgbmgi2p", "content": "CVE-2026-15409 and CVE-2026-15410: SonicWall's Zero-Day Flaws Are Already Under Attack #CyberSecurity #ZeroDayFlaw #SonicWall", "creation_timestamp": "2026-07-15T05:53:54.531226Z"}, {"uuid": "cbe28ab3-04b7-42be-846e-45bc0854b346", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqnzts5njc2i", "content": "CVE-2026-15409: Is SonicWall's Urgent Patch Response Adequate? #CyberSecurity #SonicWall #Vulnerabilities", "creation_timestamp": "2026-07-15T05:54:06.504331Z"}, {"uuid": "ce82147a-de27-47e9-bc1a-926f1a2e01e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqo4a4rsgx2r", "content": "\ud83e\udd16 CVE-2026-15409 (CVSS 10.0): Two SonicWall SMA 1000 zero-days exploited in the wild \u2014 SSRF leading to RCE. Patch immediately.\n\nhttps://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html", "creation_timestamp": "2026-07-15T06:36:48.003813Z"}, {"uuid": "6493eda4-9814-444e-9438-1860e8cafdd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mqo4ue3ee27i", "content": "SonicWall SMA\u306e\u30bc\u30ed\u30c7\u30a4\u304c\u60aa\u7528\u3055\u308c\u308b\uff08CVE-2026-15409\u3001CVE-2026-15410\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/46662/", "creation_timestamp": "2026-07-15T06:48:14.793361Z"}, {"uuid": "0983f7a0-3b7f-465f-83ae-dd273f8172b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/rxerium.com/post/3mqo54sueol2t", "content": "\ud83d\udea8 Two actively exploited zero-days affecting SonicWall SMA1000 appliances: CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 (CVSS 7.2)\n\nI\u2019ve created vulnerability detection templates here (with confidence levels):\nCVE-2026-15409: github.com/rxerium/rxer...\nCVE-2026-15410: github.com/rxerium/rxer...", "creation_timestamp": "2026-07-15T06:52:51.362792Z"}, {"uuid": "16ab6af9-cd04-42ee-b70c-1f71644e0248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/rxerium.com/post/3mqo54thpup2r", "content": "CVE-2026-15409 is remotely exploitable without authentication, while CVE-2026-15410 requires an authenticated administrator.\n\nPlatform hotfixes are available through SonicWall\u2019s security advisory:\npsirt.global.sonicwall.com/vuln-detail/...", "creation_timestamp": "2026-07-15T06:52:51.838113Z"}, {"uuid": "7c51b2d3-642d-46ef-a90e-cc24f98287e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mqo5gvvdwi2k", "content": "SonicWall SMA\u306e\u30bc\u30ed\u30c7\u30a4\u304c\u60aa\u7528\u3055\u308c\u308b\uff08CVE-2026-15409\u3001CVE-2026-15410\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-potato-alert/46662/", "creation_timestamp": "2026-07-15T06:58:28.876788Z"}, {"uuid": "4d6680dc-50d8-48b5-99a4-31d1e25f8968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqo5kcdzgj2t", "content": "SonicWall reports active exploitation of two SMA1000 zero-days, CVE-2026-15409 and CVE-2026-15410. Affected versions 6210, 7210, and 8200v need hotfix updates 12.4.3-03453 or 12.5.0-02835. #SonicWall #SMA1000 #CVE202615410", "creation_timestamp": "2026-07-15T07:00:22.544159Z"}, {"uuid": "31504e92-9878-49ae-a674-cdcb12229b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-15409", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqoet4yofu26", "content": "\ud83d\udea8 A CVSS 10.0 vulnerability exists. There is no higher score.\n\nSMA1000 Appliance.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-15409-sma1000-appliance-ssrf-exploited-in-wild/\n\n#InfoSec #ThreatIntel", "creation_timestamp": "2026-07-15T09:10:35.419164Z"}, {"uuid": "622a52d0-3ca6-4ac1-8c91-cdbd69c13342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mqof6fxs3d27", "content": "SonicWall SMA\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u304c\u30bc\u30ed\u30c7\u30a4\u653b\u6483\u306e\u6a19\u7684\u306b\uff08CVE-2026-15409\u3001CVE-2026-15410\uff09 \n\nSonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)  #HelpNetSecurity (Jul 14)\n\nwww.helpnetsecurity.com/2026/07/14/s...", "creation_timestamp": "2026-07-15T09:16:54.151194Z"}, {"uuid": "ee1702fb-4595-4a61-b4df-284772e7ad18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/bsi.bund.de/post/3mqoho555k222", "content": "\ud83d\udce2\u26a0\ufe0f Sicherheitshinweis: #SonicWall ver\u00f6ffentlichte am 14.07.2026 ein Advisory zu seiner SMA1000-Produktserie &amp; f\u00fchrt darin auf, dass die Modelle 6210, 7210 &amp; 8200v durch zwei neu entdeckte Zero-Day #Schwachstellen (CVE-2026-15409, CVE-2026-1541) verwundbar sind.\n\n\ud83d\udc49\ufe0f www.bsi.bund.de/dok/1203248", "creation_timestamp": "2026-07-15T10:01:31.823197Z"}, {"uuid": "7e6c39bd-e810-48a1-9fe9-30e90059a0d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html", "content": "SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution.\n\nThe vulnerabilities are listed below -\n\n\n  CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to", "creation_timestamp": "2026-07-15T10:02:19.406836Z"}, {"uuid": "6272b5bf-df27-4d54-9139-efc2199f2f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://social.bund.de/users/bsi/statuses/116923508784628586", "content": "\u26a0\ufe0f\ud83d\udce2 Sicherheitshinweis: Am 14. Juli 2026 ver\u00f6ffentlichte das Unternehmen #SonicWall ein Advisory zu seiner SMA1000-Produktserie und f\u00fchrte darin aus, dass die Modelle 6210, 7210 und 8200v durch zwei neu entdeckte Zero-Day #Schwachstellen (CVE-2026-15409, CVE-2026-1541) verwundbar sind.\n\u2757\ufe0f Das Unternehmen verweist im Advisory darauf, dass \"zahlreiche F\u00e4lle\" vorliegen, die auf eine Ausnutzung der Schwachstellen schlie\u00dfen lassen.\nMehr dazu hier: \u27a1\ufe0f https://www.bsi.bund.de/dok/1203248 \n@certbund", "creation_timestamp": "2026-07-15T10:27:25.686774Z"}, {"uuid": "12067375-4486-4ef3-8158-4eb443b69786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116923647282150535", "content": "En las \u00faltimas 24 horas, vulnerabilidades cr\u00edticas en Microsoft SharePoint y SonicWall SMA1000 han sido explotadas, poniendo en riesgo sistemas empresariales; GitHub enfrenta una ola de repositorios maliciosos que roban credenciales, mientras un ciberataque impact\u00f3 la infraestructura de la mayor empresa de taxis en Jap\u00f3n; adem\u00e1s, el debate \u00e9tico sobre algoritmos en operativos policiales gana fuerza. Descubre estos y m\u00e1s detalles en el siguiente listado de noticias sobre seguridad inform\u00e1tica:\n\ud83d\uddde\ufe0f \u00daLTIMAS NOTICIAS EN SEGURIDAD INFORM\u00c1TICA \ud83d\udd12====| \ud83d\udd25 LO QUE DEBES SABER HOY \ufeff\ufeff15/07/26\ufeff\ufeff  \ud83d\udcc6 |==== \n\ud83d\udd13 VULNERABILIDAD CR\u00cdTICA EN MICROSOFT SHAREPOINT: BYPASS DE AUTENTICACI\u00d3N JWT\nRapid7 Labs ha identificado una grave vulnerabilidad en Microsoft SharePoint que permite la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de autenticaci\u00f3n, explotando dos fallos en la gesti\u00f3n de tokens JWT. La amenaza podr\u00eda comprometer la integridad de sistemas empresariales que dependen de esta plataforma, por lo que se recomienda aplicar los parches oficiales de inmediato para evitar posibles intrusiones. Protege tus entornos cr\u00edticos actualizando cuanto antes. Descubre todos los detalles y c\u00f3mo proteger tu sistema aqu\u00ed \ud83d\udc49 https://djar.co/AneU\n\ud83d\udc19 GITHUB INFESTADO: CIENTOS DE REPOSITORIOS MALICIOSOS SIMULAN SOFTWARE LEG\u00cdTIMO\nUna campa\u00f1a masiva ha sido detectada en GitHub, donde cerca de 300 repositorios falsos suplantan proyectos leg\u00edtimos y herramientas de seguridad, distribuyendo malware tipo infostealer capaz de robar credenciales y datos sensibles. Esta estrategia busca enga\u00f1ar a desarrolladores y usuarios confiados para infectar sus dispositivos. Aprende a identificar estos riesgos y a proteger tus entornos de desarrollo leyendo el an\u00e1lisis completo aqu\u00ed \ud83d\udc49 https://djar.co/6wOunr\n\u26a0\ufe0f ALERTA DE SEGURIDAD: VULNERABILIDADES EN DISPOSITIVOS SONICWALL SMA1000 EXPLOTADAS EN ATAQUES ZERO-DAY\nSonicWall ha alertado sobre dos vulnerabilidades cr\u00edticas, CVE-2026-15409 y CVE-2026-15410, siendo activamente explotadas en ataques de d\u00eda cero contra dispositivos SMA1000. Estos fallos permiten a atacantes comprometer redes empresariales con potencial acceso remoto no autorizado. La empresa recomienda encarecidamente aplicar los parches de seguridad disponibles sin demora para evitar brechas que pueden derivar en p\u00e9rdidas de datos sensibles. Protege tus firewalls y sistemas consultando la gu\u00eda de actualizaci\u00f3n aqu\u00ed \ud83d\udc49 https://djar.co/NRw1b\n\ud83d\udd10 ACTUALIZACI\u00d3N SOBRE ATAQUES DE RANSOMWARE HASTA EL 14 DE JULIO DE 2026\nSe presenta un resumen detallado de las t\u00e9cnicas y vectores utilizados en ataques de ransomware recientes, con especial \u00e9nfasis en las tendencias observadas en las \u00faltimas semanas. Adem\u00e1s, se ofrecen recomendaciones pr\u00e1cticas y estrat\u00e9gicas para fortalecer las defensas contra estas amenazas que contin\u00faan afectando organizaciones a nivel global. Mantente informado y aprende c\u00f3mo blindar tu sistema contra estas amenazas leyendo la actualizaci\u00f3n completa aqu\u00ed \ud83d\udc49 https://djar.co/ScDr52\n\ud83d\ude96 CIBERATAQUE EN JAP\u00d3N OBLIGA A CERRAR SISTEMAS DE LA MAYOR EMPRESA DE TAXIS\nNihon Kotsu, el principal operador de taxis en Jap\u00f3n, ha sufrido un ciberataque que comprometi\u00f3 sus sistemas operativos, forzando a la compa\u00f1\u00eda a desconectar partes esenciales de su infraestructura para contener el impacto. Este incidente pone en evidencia la creciente necesidad de robustecer la ciberseguridad en empresas de servicios cr\u00edticos para evitar interrupciones masivas. Conoce qu\u00e9 sucedi\u00f3 y cu\u00e1les son las lecciones para proteger servicios urbanos vitales aqu\u00ed \ud83d\udc49 https://djar.co/FOvs\n\u2696\ufe0f DEBATE SOBRE TECNOLOG\u00cdA Y \u00c9TICA: EL CASO DE JOHAN SEBASTIAN GUERRERO Y EL IMPACTO DE LOS ALGORITMOS EN OPERATIVOS POLICIALES\nLa tr\u00e1gica muerte de Johan Sebastian Guerrero durante una operaci\u00f3n del ICE ha reavivado el debate sobre el uso de Big Data, algoritmos y vigilancia tecnol\u00f3gica en actividades policiales y de control migratorio. Este caso cuestiona la fiabilidad y la \u00e9tica detr\u00e1s de las decisiones automatizadas que pueden afectar vidas humanas, instando a revisar y ajustar estas tecnolog\u00edas para evitar consecuencias fatales. Profundiza en este an\u00e1lisis cr\u00edtico y sus implicaciones aqu\u00ed \ud83d\udc49 https://djar.co/Q6SIpC", "creation_timestamp": "2026-07-15T11:01:14.416091Z"}, {"uuid": "22861d53-9a8e-411a-812f-e4beb8f29ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-15409", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mqonnyac472x", "content": "\ud83d\udcf0 SonicWall Peringatkan Zero-Day pada SMA1000 Sedang Dieksploitasi, Administrator Diminta Segera Pasang Patch\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/07/15/sonicwall-sma1000-zero-day-cve-2026-15409/\n\n#cisa #cve-2026-15409 #cve-2026-15410 #cyberSecurity #sma1000 #sonicwall #", "creation_timestamp": "2026-07-15T11:48:46.122026Z"}, {"uuid": "9b106486-5a6c-4fad-9347-59697a46dcec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://t.me/information_security_channel/55571", "content": "SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits\nhttps://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/\n\nSonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.\nThe post SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits (https://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-07-15T12:00:05.656067Z"}, {"uuid": "bb3fd08f-0147-413e-8bcc-320082b2b735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0239", "content": "SonicWall heeft twee kwetsbaarheden verholpen in SonicWall SMA1000 appliances. De kwetsbaarheid met kenmerk CVE-2026-15409 betreft een Server-Side Request Forgery (SSRF) in de Work Place interface, waarmee een niet-geauthenticeerde aanvaller het apparaat verzoeken kan laten sturen naar ongewenste locaties. \n\nDe kwetsbaarheid met kenmerk CVE-2026-15410 is een post-authenticatie code-injectie in de Appliance Management Console (AMC), waardoor een geauthenticeerde aanvaller met admin rechten willekeurige OS-commando's op het apparaat kan uitvoeren. \n\nBeide kwetsbaarheden zijn als zero-days misbruikt. Het NCSC raadt organisaties aan de advisory van SonicWall op te volgen, de aanwezigheid te controleren van de bijgevoegde IoC's en de aanbevolen acties uit te voeren.", "creation_timestamp": "2026-07-15T13:00:52.912488Z"}, {"uuid": "32cd31bb-682f-4dee-a9e2-bde881311361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/7/kritische-sicherheitslucken-in-sonicwall-sma1000-series-aktiv-ausgenutzt-updates-verfugbar", "content": "15. Juli 2026\n\nBeschreibung\n\nIn den SonicWall SMA1000 Series Appliances existieren mehrere Sicherheitsl&uuml;cken. Die schwerwiegendere der beiden Schwachstellen erm&ouml;glicht es Angreifer:innen aus der Ferne und ohne Authentifizierung, die Appliance dazu zu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden (Server-Side Request Forgery). Laut SonicWall PSIRT werden die in diesem Advisory beschriebenen Schwachstellen bereits aktiv ausgenutzt.\n\nCVE-Nummer(n):&nbsp;CVE-2026-15409, CVE-2026-15410\n\nCVSS Base Score: 10.0\n\nAuswirkungen\n\nCVE-2026-15409 ist eine Server-Side-Request-Forgery-Schwachstelle (SSRF) im Work-Place-Interface der SMA1000 Appliance. Ein:e entfernte:r, nicht authentifizierte:r Angreifer:in kann die Appliance dazu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden. Der Hersteller gibt f&uuml;r diese Schwachstelle einen CVSS Base Score von 10.0 an.\n\nCVE-2026-15410 ist eine Schwachstelle vom Typ &bdquo;Improper Control of Generation of Code&ldquo; (Code Injection) in der Appliance Management Console (AMC), die es unter bestimmten Voraussetzungen einem:einer entfernten, als Administrator:in authentifizierten Angreifer:in erm&ouml;glichen kann, beliebige Betriebssystembefehle auszuf&uuml;hren. Der Hersteller gibt f&uuml;r diese Schwachstelle einen CVSS Base Score von 7.2 an.\n\nBetroffene Systeme\n\nBetroffen sind die SMA1000 Modelle 6210, 7210 und 8200v in folgenden Versionen:\n\n\n\n12.4.3-03245, 12.4.3-03387 und 12.4.3-03434 (platform-hotfix)\n\n12.5.0-02283, 12.5.0-02624 und 12.5.0-02800 (platform-hotfix)\n\n\nLaut Hersteller sind SSL-VPN auf SonicWall-Firewalls sowie die SMA 100 Series Produktlinie nicht von diesen Schwachstellen betroffen.\n\nAbhilfe\n\nSonicWall stellt einen platform-hotfix bereit, der die Schwachstellen behebt:\n\n\n\n12.4.3-03453 (platform-hotfix) und h&ouml;her\n\n12.5.0-02835 (platform-hotfix) und h&ouml;her\n\n\nDer aktuelle platform-hotfix steht auf mysonicwall.com zum Download bereit. Ein Workaround steht laut Hersteller nicht zur Verf&uuml;gung.\n\nDa eine aktive Ausnutzung beobachtet wurde, empfiehlt SonicWall zus&auml;tzlich, das System auf Anzeichen einer Kompromittierung (Indicators of Compromise) zu &uuml;berpr&uuml;fen. Dazu z&auml;hlen unter anderem:\n\n\n\nEintr&auml;ge in extraweb_access.log mit Anfragen an /__api__/login oder /__api__/logout mit HTTP-Status 200\n\nEintr&auml;ge in extraweb_access.log mit Anfragen an /wsproxy mit auff&auml;lligen Host-Parametern und HTTP-Status 101\n\nEintr&auml;ge in ctrl-service.log mit Hotfix-Rollbacks mit Path-Traversal-Namen\n\nRouten f&uuml;r /__api__/login oder /__api__/logout in /var/lib/unit/conf.json (diese URIs existieren in einer legitimen Konfiguration nicht)\n\n\nWerden IOCs festgestellt, empfiehlt SonicWall, betroffene Appliances neu aufzusetzen (Hardware: re-image, virtuell: re-deploy), Benutzer:innen- und Administrator:innen-Passw&ouml;rter zu &auml;ndern sowie TOTP-Token zur&uuml;ckzusetzen.\n\nHinweis\n\nGenerell empfiehlt CERT.at, s&auml;mtliche Software aktuell zu halten und dabei insbesondere auf automatische Updates zu setzen. Regelm&auml;&szlig;ige Neustarts stellen sicher, dass diese auch zeitnah aktiviert werden.\n\n\n\nInformationsquelle(n):\n\nSonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities (Englisch)https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008", "creation_timestamp": "2026-07-15T13:00:53.290020Z"}, {"uuid": "d36c373a-5a7d-4243-b241-65474dac1805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://www.cert.se/2026/07/kritiska-sarbarheter-i-sonicwall.html", "content": "", "creation_timestamp": "2026-07-15T13:16:17.028064Z"}, {"uuid": "a90953ff-ca0b-4a23-a567-d905bc64138d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mqotjan64524", "content": "CISA Adds Four Known Exploited Vulnerabilities to Catalog\nCISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-15409 SonicWall SMA1000\u2026\n\n\ud83d\udd17 https://hnow.live/a/166a55c5", "creation_timestamp": "2026-07-15T13:33:29.667307Z"}, {"uuid": "80420601-f6b2-425b-8ff8-69222c8bbe9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3mqouougghc2c", "content": "SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.", "creation_timestamp": "2026-07-15T13:54:31.924987Z"}, {"uuid": "d0d0375f-1a7b-4859-93cf-abeba34a9ce4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3mqouougobc2c", "content": "SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.", "creation_timestamp": "2026-07-15T13:54:32.403293Z"}, {"uuid": "404dbda5-32ca-4d64-8db5-00035ec04c54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3mqouougpak2c", "content": "SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.", "creation_timestamp": "2026-07-15T13:54:32.886063Z"}, {"uuid": "4c042ff5-b5a4-4be0-a56b-b85c8c93fec4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3mqouougpal2c", "content": "SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.", "creation_timestamp": "2026-07-15T13:54:33.371305Z"}, {"uuid": "c6f4e235-a014-4c2c-9745-a484279fb175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/alphahunt.io/post/3mqouougr732c", "content": "SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.", "creation_timestamp": "2026-07-15T13:54:33.824109Z"}, {"uuid": "7399371d-1dc3-429f-a0a2-892c81cba173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/kotosecurity.bsky.social/post/3mqov7hex2n2w", "content": "\ud83d\udea8 VULN: SonicWall SMA 1000 \u2014 2 zero-days actively exploited: CVE-2026-15409 (CVSS 10.0, SSRF) &amp; CVE-2026-15410 (CVSS 7.2, post-auth code injection \u2192 admin cmd exec). Patch to 12.4.3-03453+/12.5.0-02835+. Src: The Hacker News", "creation_timestamp": "2026-07-15T14:03:49.483578Z"}, {"uuid": "70e31a1e-201d-49bc-85e9-9b295907dfb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cert-fr.bsky.social/post/3mqow6efupj2c", "content": "\u26a0\ufe0fAlerte CERT-FR\u26a0\ufe0f\n\nLes vuln\u00e9rabilit\u00e9s CVE-2026-15409 et CVE-2026-15410 affectent les SMA 1000 et permettent une SSRF ainsi que d'ex\u00e9cuter du code arbitraire \u00e0 distance.\nElle sont activement exploit\u00e9es.\n\nwww.cert.ssi.gouv.fr/alerte/CERTF...", "creation_timestamp": "2026-07-15T14:21:06.117805Z"}, {"uuid": "8ab3e000-6f50-4b55-8f29-6ddedb616a27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://social.numerique.gouv.fr/users/cert_fr/statuses/116924433303774121", "content": "\u26a0\ufe0fAlerte CERT-FR\u26a0\ufe0f\nLes vuln\u00e9rabilit\u00e9s CVE-2026-15409 et CVE-2026-15410 affectent les SMA 1000 et permettent une SSRF ainsi que d'ex\u00e9cuter du code arbitraire \u00e0 distance.Elle sont activement exploit\u00e9es.\nhttps://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-006/", "creation_timestamp": "2026-07-15T14:21:07.087425Z"}, {"uuid": "e36e6200-0631-4d86-8180-981c9b6ddb74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cert-fr.bsky.social/post/3mqoykcbovc2w", "content": "\u26a0\ufe0fAlerte CERT-FR\u26a0\ufe0f\n\nLes vuln\u00e9rabilit\u00e9s CVE-2026-15409 et CVE-2026-15410 affectent les SMA 1000 et permettent une SSRF ainsi que d'ex\u00e9cuter du code arbitraire \u00e0 distance.\nElles sont activement exploit\u00e9es.", "creation_timestamp": "2026-07-15T15:03:33.582147Z"}]}