It was weird that I couldn't find in this Sophos report *what* was actually exploited aside of CVEs and codenames... then CVE info showed they were Sophos devices :P

https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/