Global Surge of VPN Exploits: Brute-Force, Blast-RADIUS and Password Spray

This timeline outlines widespread brute-force and password-spray campaigns and multiple critical vulnerabilities (including a protocol-level RADIUS flaw “Blast-RADIUS” and several vendor-specific CVEs/zero-days) actively exploited against VPNs and network appliances (Cisco, Fortinet, SonicWall, Ivanti, etc.), notes credential theft and ransomware (Akira) follow-on activity, and provides defensive recommendations such as MFA, patching, and migrating to RADIUS over TLS.