Hackers are exploiting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks. The Akira ransomware gang has been breaching Cisco VPNs for initial network access. Security researchers have found that these attacks have been ongoing since March, with attackers attempting to guess login credentials. However, no instances of bypassing properly configured multi-factor authentication (MFA) have been detected. At least 11 customers have been breached in these attacks, leading to LockBit and Akira ransomware attacks. Experts advise deactivating default accounts and enforcing MFA for all VPN users.