ACSC Issues Warning on SonicWall SSL VPN Vulnerability CVE-2024-40766
The Australian Cyber Security Centre (ACSC) has issued a warning regarding the active exploitation of a critical vulnerability (CVE-2024-40766) in SonicWall SSL VPN appliances, which could allow unauthorized access and potentially crash the firewall. This high-severity flaw affects multiple SonicWall device generations, particularly devices on which local user passwords were not reset during recent migrations. SonicWall has urged immediate firmware updates and the implementation of multi-factor authentication to mitigate the risk. Organizations are advised to audit their systems closely, enhance access controls, and decommission outdated devices to protect against ongoing threats. The ACSC continues to monitor the situation and stresses urgent compliance with the recommended actions.
