Active exploitation of a critical zero-day flaw in Sophos' firewall product has prompted Sophos to immediately issue a patch update, reports The Hacker News. Threat actors have been exploiting the code injection vulnerability, tracked as CVE-2022-3236, in Sophos Firewall v19.0 MR1 (19.0.1) and older "to target a small set of specific organizations, primarily in the South Asia region," according to Sophos. Users of vulnerable devices have been advised to ensure that their User Portal and Webadmin are not connected to WAN. Sophos has also urged security teams to upgrade to the latest supported version of the firewall offering. Such active exploitation of a Sophos Firewall flaw comes after another bug, tracked as CVE-2022-1040, had been leveraged in attacks against South Asia-based organizations in March. Chinese advanced persistent threat group DriftingCloud was later identified in June by Volexity to be behind the campaign. Sophos Firewall instances have also been targeted to distribute the Asnark trojan.