Attackers are actively exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall products, posing a significant threat to the company's customers. The vulnerabilities were publicly disclosed by SonicWall in a security advisory, with credit given to an employee for their discovery. However, the company has not provided information on when the vulnerabilities were first discovered or exploited. According to Rapid7 researchers, the vulnerabilities were first exploited on June 22, indicating a potentially lengthy window of exposure. The exploitation of these vulnerabilities expands the active attack surface, making it essential for organizations to prioritize their response based on exposure and evidence of exploitation1. This situation matters to security practitioners because it highlights the need for prompt patching and mitigation to prevent attackers from capitalizing on these newly disclosed vulnerabilities.