An SQL Injection vulnerability in the WebAdmin of Cyberoam OS was recently discovered and has been patched through a hotfix. On some systems, this may have been used to create an unrecognized account.
Customers can further protect themselves by ensuring their Web Admin and SSH access is not exposed to WAN (System > Administration > Appliance Access).