Search

Hackers Exploit ArrayOS AG VPN Flaw to Plant Webshells

Cyber threats and incidents
By Monique Angeli Mendoza
Hackers Exploit ArrayOS AG VPN Flaw to Plant Webshells

Related

Founders, Analysts & Industry Voices

In Praise of CISA

Lately, the Cybersecurity and Infrastructure Security Agency (CISA) has...
Read more
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch: Louisiana Healthcare

Louisiana’s healthcare sector depends on cybersecurity leaders who can...
Read more
Founders, Analysts & Industry Voices

CISOs and Security Leaders Shaping Texas Retail and E-commerce

Texas has quietly become one of the most influential...
Read more
AI and security

Anthropic Unveils Claude Mythos to Find Critical Software Flaws Before Attackers Do

What happened Anthropic unveiled Claude Mythos Preview as the model...
Read more
AI and security

Microsoft Commits $10 Billion to Expand AI and Cybersecurity Infrastructure in Japan

What happened Microsoft announced a $10 billion investment to expand...
Read more

Share

What happened

Attackers are exploiting a command injection flaw in Array Networks’ ArrayOS AG VPN to install webshells on vulnerable devices.

Who is affected

Organizations that use ArrayOS AG VPN appliances and have not applied the most recent security update.

Why CISOs should care

The flaw is under active exploitation. Once attackers plant a webshell, they gain persistent remote access to the device. This access can be used for lateral movement, data theft, or staging further attacks. Since VPN appliances sit at the network edge, a breach can weaken core security controls.

3 practical actions

  1. Patch all ArrayOS AG VPN appliances to the latest version.

  2. Review logs and file systems for webshells or unusual activity.

  3. Isolate VPN appliances from sensitive systems and enforce strict access policies.

Previous article
Cloudflare Outage Knocks Sites Offline With 500 Errors
Next article
Predator Spyware Uses New Tricks to Bypass Device Security
Founders, Analysts & Industry Voices

In Praise of CISA

Lately, the Cybersecurity and Infrastructure Security Agency (CISA) has...
Founders, Analysts & Industry Voices

Cybersecurity Leaders to Watch: Louisiana Healthcare

Louisiana’s healthcare sector depends on cybersecurity leaders who can...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.