Ongoing Attacks on GlobalProtect and SonicWall APIs, Critical Apache XXE Vulnerability Reported

Security Affairs Newsletter Round 553 highlights a campaign of attacks targeting GlobalProtect portals and SonicWall APIs. While the specific threat actors and the timeline of these attacks are not disclosed, this activity underscores the ongoing risk to remote access and network security solutions. The newsletter also reports the discovery of a critical XML External Entity (XXE) vulnerability in Apache software. However, essential details such as the CVE identifier, affected versions, and exploitation vectors are not provided in the source material. XXE vulnerabilities can allow attackers to execute arbitrary code or access sensitive data, depending on the application's configuration. The potential impact of these threats includes system intrusion and data compromise. Given the lack of specific technical details in the available information, organizations are encouraged to monitor official Apache and SonicWall security advisories for patching guidance and indicator of compromise (IOC) details. Cybersecurity teams should prioritize vulnerability management and enhance monitoring for unusual activity associated with these platforms. Although the source material does not provide comprehensive technical details, the disclosed information serves as a reminder of the importance of timely patching and robust security practices.