Volexity researchers laid bare a sophisticated campaign by Chinese APT abusing a critical zero-day in Sophos’ firewall product. Sophos has fixed the flaw; provided mitigations to help organizations use their firewall and protect against threat actors abusing the vulnerability.