For now, SonicWall and Duo users can breathe easy. The silent threat is silent no more—and it has been eradicated.
In a brief statement, Duo Security confirmed the patch: "We identified a logic flaw in a legacy integration component that could have potentially been leveraged to bypass authentication. The issue has been mitigated across our cloud infrastructure. No active exploitation was detected in customer environments." duo hackcom sonic fixed
Many admins mistakenly set this to "TOTP" or "Email," assuming it enables the 2FA process. However, setting this to "Disabled" allows the Duo Authentication Proxy to handle the secondary authentication via its own out-of-band "Auto Push". 🔄 Verify Your Proxy Configuration For now, SonicWall and Duo users can breathe easy
The resolution of the incident teaches us three critical lessons: The issue has been mitigated across our cloud infrastructure
We want to thank the HackCom team for their responsible disclosure. While "Sonic" was a clever attack vector, no active exploitation has been detected in the wild. However, with proof-of-concept code now circulating on GitHub, patching is mandatory, not optional.
Alex opened the ROM in a custom debugger. On screen, a blue blur of Sonic—his iconic silhouette—suddenly froze mid‑spin, the game’s music stuttering into static. The bug had been reported by a handful of speedrunners on an old forum thread titled “Sonic 2: The Spin‑Dash That Won’t Spin.” No one had been able to replicate it on modern emulators, but the original hardware still hiccupped.
If you are looking for a "fixed" Sonic experience, the community generally highlights these projects: Sonic 1 Forever Sonic 2 Absolute