Sophos fixed a zero-day vulnerability in their firewalls. CVE-2022-3236 is a code injection vulnerability in the User Portal and Webadmin components and can lead to remote code execution. Be sure to check your Sophos Firewalls for an update!
You can read more in our blog post and get a list of Sophos devices.