Sophos XG-firewalls targeted by zero-day

Read: https://community.sophos.com/kb/en-us/135412
and https://www.reddit.com/r/netsec/comments/g7vnuj/sophos_xg_firewall_sql_injection_and_rce/
Solved now, but it could have hijacked accounts, which was a bad thing.
Also read: https://news.sophos.com/en-us/2020/04/26/asnarok/

polonus

Sophos warns critical firewall bug is being actively exploited
https://www.bleepingcomputer.com/news/apple/sophos-warns-critical-firewall-bug-is-being-actively-exploited/