
"The attackers got in through a compromised SonicWall VPN."

Huntress: The Great VM Escape: ESXi Exploitation in the Wild https://www.huntress.com/blog/esxi-vm-escape-exploit @huntress #infosec #threatresearch #VMWare #SonicWall

ESXi Exploitation in the Wild | Huntress

Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.

Huntress
📢 Data leak at a supplier: the ransomware attack on Marquis exposes customers of US banks
📝 According to BankInfoSecurity (article by Mathew...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-04-fuite-de-donnees-chez-un-fournisseur-lattaque-ransomware-contre-marquis-expose-des-clients-de-banques-americaines/
🌐 source : https://www.bankinfosecurity.com/more-banks-issue-breach-notifications-over-supplier-breach-a-30421
#SonicWall #banques #Cyberveille
Data leak at a supplier: the ransomware attack on Marquis exposes customers of US banks

According to BankInfoSecurity (article by Mathew J. Schwartz, 31 December 2025), several US financial institutions are notifying data leaks linked to a ransomware attack that targeted the supplier Marquis Software Solutions, a Texas-based publisher of marketing and compliance software for more than 700 banks and credit unions. • Nature of the incident: a ransomware attack on 14 August involving the compromise of a Marquis SonicWall firewall. External investigators engaged by Marquis established that the attacker was able to access files stored by Marquis on behalf of its business customers, and that the incident appears to be limited to the Marquis environment. The potentially exposed data include: names, addresses, telephone numbers, Social Security numbers (SSN), financial account information without access codes, and dates of birth. 🚨

CyberVeille
Sonicwall: "First!" 😆 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019

(in all good fun, keep up!)
#sonicwall
Security Advisory

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

BleepingComputer

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

#sonicwall #vulnerabilitymanagement #cybersecurity

CVE-2025-40602

🔗 https://vulnerability.circl.lu/vuln/CVE-2025-40602#sightings

cvelistv5 - CVE-2025-40602

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS vulnerabilities to its Known Exploited Vulnerabilities catalog.

Security Affairs
⚠️ CRITICAL zero-day in SonicWall SMA 1000 exploited in the wild! Remote code execution possible with no auth. Patch urgently, segment networks, check logs for IOCs. No CVE yet. Details: https://radar.offseq.com/threat/sonicwall-patches-exploited-sma-1000-zero-day-0b1eed74 #OffSeq #SonicWall #ZeroDay #InfoSec
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks.

Security Affairs

iQ Credit Union has disclosed that a ransomware incident at its vendor, Marquis Software Solutions, exposed personal information of over 111K Washington residents. The attacker accessed files containing names, SSNs, dates of birth, addresses, and partial financial data after exploiting a SonicWall firewall.

Identity protection services are being provided, and individuals are advised to monitor accounts and consider credit freezes.

How should financial institutions rethink vendor-risk strategies moving forward?

Source: https://www.claimdepot.com/data-breach/iq-credit-union-2025

Share your insights and follow us for ongoing threat-intelligence updates.

#infosec #databreach #FinancialSecurity #VendorRisk #SonicWall #ThreatIntel #IdentityProtection #Ransomware #SecurityAwareness

GreyNoise reports a coordinated wave of login attempts against Palo Alto GlobalProtect portals, later expanding into scans of SonicWall SonicOS API endpoints. More than 7,000 IPs tied to 3xK GmbH infrastructure were involved.

Palo Alto Networks confirmed the activity represents credential-based probing, not a vulnerability exploit.
Defenders are encouraged to enforce MFA, track recurring client fingerprints, and apply dynamic blocking.

Source: https://www.bleepingcomputer.com/news/security/new-wave-of-vpn-login-attempts-targets-palo-alto-globalprotect-portals/

How are you monitoring for reconnaissance patterns across VPN and firewall surfaces today?
Share your approach and follow us for more operational threat updates.

#infosec #PaloAltoNetworks #SonicWall #GlobalProtect #ThreatHunting #ThreatIntel #NetworkSecurity #VPNsecurity
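The post above recommends tracking recurring client fingerprints and applying dynamic blocking against credential-probing waves like the one GreyNoise reported. Below is an added example (not code from GreyNoise, Palo Alto Networks or the poster) of what that detection logic looks like when run over a handful of constructed VPN-portal auth log lines. The log format (`auth=`, `src=`, `user=`, `fp=` fields) and the `fp` values are hypothetical placeholders for whatever client fingerprint your gateway exposes (TLS hash, user agent, etc.), not PAN-OS or SonicOS syslog. It implements two complementary rules: a per-source burst rule for noisy brute forcing, and a per-fingerprint rule that catches a low-and-slow spray spread across many addresses, which is exactly the case where per-IP thresholds never fire.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log, hypothetical format (not a real PAN-OS/SonicOS line format).
# 203.0.113.10: one source hammering the portal with one client fingerprint (fpA).
# 198.51.100.x: four sources, one failure each, sharing fingerprint fpB (distributed spray).
# 192.0.2.5:    a real user who fat-fingers a password once and then logs in (fpC).
SAMPLE_LOG = """\
2025-11-14T09:00:01Z auth=fail src=203.0.113.10 user=admin fp=fpA
2025-11-14T09:00:12Z auth=fail src=203.0.113.10 user=jsmith fp=fpA
2025-11-14T09:00:25Z auth=fail src=203.0.113.10 user=vpnuser fp=fpA
2025-11-14T09:00:40Z auth=fail src=203.0.113.10 user=test fp=fpA
2025-11-14T09:01:02Z auth=fail src=203.0.113.10 user=guest fp=fpA
2025-11-14T09:01:30Z auth=fail src=203.0.113.10 user=support fp=fpA
2025-11-14T09:05:00Z auth=fail src=198.51.100.1 user=admin fp=fpB
2025-11-14T09:05:02Z auth=fail src=198.51.100.2 user=admin fp=fpB
2025-11-14T09:05:04Z auth=fail src=198.51.100.3 user=admin fp=fpB
2025-11-14T09:05:06Z auth=fail src=198.51.100.4 user=admin fp=fpB
2025-11-14T09:07:00Z auth=fail src=192.0.2.5 user=alice fp=fpC
2025-11-14T09:07:20Z auth=ok src=192.0.2.5 user=alice fp=fpC
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>ok|fail) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) fp=(?P<fp>\S+)$"
)


def parse(log_text):
    """Turn the constructed log into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "result": m["result"], "src": m["src"],
                       "user": m["user"], "fp": m["fp"]})
    return events


def burst_sources(events, window=timedelta(minutes=5), threshold=5):
    """Per-source rule: any source with >= threshold failures inside a sliding window.

    Returns {src: peak failure count in a window}. Successful logins are ignored,
    so a legitimate user with one typo never accumulates toward the threshold.
    """
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            fails[e["src"]].append(e["ts"])
    flagged = {}
    for src, stamps in fails.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:   # slide the window's left edge forward
                lo += 1
            count = hi - lo + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def recurring_fingerprints(events, min_sources=3):
    """Per-fingerprint rule: one client fingerprint failing from >= min_sources addresses.

    This is the signal a per-IP threshold misses when one tool is spread over
    thousands of addresses. Returns {fp: sorted list of source addresses}.
    """
    srcs = defaultdict(set)
    for e in events:
        if e["result"] == "fail":
            srcs[e["fp"]].add(e["src"])
    return {fp: sorted(s) for fp, s in srcs.items() if len(s) >= min_sources}


def block_decisions(log_text):
    """Combine both rules into a dynamic-block decision for a firewall/WAF feed."""
    events = parse(log_text)
    return {"block_ips": burst_sources(events),
            "block_fps": recurring_fingerprints(events)}


if __name__ == "__main__":
    decisions = block_decisions(SAMPLE_LOG)
    for src, n in decisions["block_ips"].items():
        print(f"block source {src}: {n} failed logins in window")
    for fp, sources in decisions["block_fps"].items():
        print(f"block fingerprint {fp}: failing from {len(sources)} sources {sources}")
```

On the sample above the burst rule flags only 203.0.113.10, and the fingerprint rule flags fpB with its four addresses while leaving the single-failure user on fpC alone. In practice the fingerprint block is the more durable action: the address pool rotates, the tool's fingerprint usually does not. This only implements the "track fingerprints and block dynamically" half of the advice; MFA enforcement is a gateway configuration, not a detection script.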