A large-scale brute force attack campaign using 2.8 million IP addresses is actively targeting edge security devices, including VPNs, firewalls, and gateways from vendors like Palo Alto Networks, Ivanti, and SonicWall. First detected in January 2025 by The Shadowserver Foundation, the attack has intensified, with hackers attempting to breach credentials for remote access. The majority of attacking IPs originate from Brazil, Turkey, and Russia, with compromised routers and residential proxies fueling the campaign. Recent vulnerabilities (e.g., Ivanti CVE-2024-8190, SonicWall CVE-2025-23006) further expose unpatched devices to exploitation. Cybersecurity agencies urge organizations to implement MFA, patch systems, and improve security controls to mitigate ongoing threats. Continue here.
