The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…

The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

The company confirmed to CyberScoop that an unidentified cybercriminal accessed SonicWall’s customer portal through a series of brute-force attacks.

A recent wave of attacks targeting SonicWall customers has researchers and authorities on alert. Many victim organizations had misconfigurations in their systems.

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said.