The Akira ransomware operation is compromising SonicWall SSL VPN appliances in what appears to be a zero-day attack: the breached devices were fully patched. The intrusions target organizations that expose SonicWall VPN access to the internet and point to a previously unknown vulnerability.
Because the compromised devices were current on security patches, researchers suspect the attackers found and weaponized a flaw before SonicWall could address it. Organizations running SonicWall SSL VPN should treat themselves as exposed: watch for unexpected VPN logins and follow-on internal activity, and be ready to apply a fix as soon as SonicWall publishes one.
Source: The Hacker News
A new wave of ransomware attacks may be exploiting an unknown zero-day vulnerability in SonicWall firewall devices, researchers warn. Arctic Wolf observed suspicious activity starting July 15, when attackers gained VPN access through SonicWall SSL VPNs and launched intrusions over the following week. After compromising the devices, they deployed Akira ransomware in hands-on-keyboard attacks.
What is particularly concerning: the breached SonicWall systems were fully patched, had recently rotated credentials, and had multi-factor authentication enabled, yet the attackers still got in. The pattern echoes the 2024 attacks that exploited CVE-2024-40766. Arctic Wolf's investigation is preliminary, and until a fix is available it recommends disabling the SonicWall SSL VPN service where that is feasible.
Source: Cybersecurity Dive
Cybercriminals have created over 250 fake Android and iOS apps targeting Korean users, disguising spyware as legitimate dating, social media, and file-sharing services. The copycats carry professional-looking logos and fake five-star reviews to persuade users to install them. Once installed, the malware steals contacts, photos, messages, and device data.
The operators then escalate to blackmail, as happened to one victim who downloaded a fake dating app after a breakup: after luring him into compromising situations, the attacker contacted his family members with threats. Researchers from Zimperium traced the campaign to 88 domains, 25 of which were indexed by Google Search, so victims can reach them through ordinary searches and not only through links sent to them.
Source: Dark Reading
Ontario Health atHome knew about a massive cyberattack affecting up to 200,000 patients as early as April 14 but didn't tell the public until June 27. The breach at vendor Ontario Medical Supply actually happened in March, compromising patient names, addresses, medical diagnoses, and prescription data.
The agency waited six weeks to notify Ontario's privacy commissioner and only informed patients after Liberal MPP Adil Shamji forced their hand by revealing the incident publicly. Health Minister Sylvia Jones then ordered the agency to contact affected patients. Critics call the delay "deception" and "incompetence," warning the stolen data could enable identity theft and blackmail.
Source: Global News
Cybercriminals are abusing the link-wrapping features of legitimate email security services from Proofpoint and Intermedia to run phishing campaigns against Microsoft 365 users. These services rewrite every URL in outbound mail so that it passes through the vendor's scanning domain; by sending their lures through accounts already protected by those services, the attackers get their malicious URL wrapped in a trusted domain. Chaining that wrapper with URL shorteners and other redirectors yields a multi-layered redirect that slips past filters and looks legitimate to recipients.
When users click these disguised links, they are bounced through several redirects before landing on fake Microsoft login pages built to steal their credentials. The technique is dangerous precisely because the first hop is a trusted security brand: both filters and people judge the link by the domain they can see, not by where the chain ends.
Source: The Hacker News
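The point of the campaign above is that the visible domain says nothing about the landing page. The script below, an added example that is not code from the article or from Proofpoint or Intermedia, unwraps a Proofpoint URL Defense v2 link (the publicly documented v2 scheme: the target sits in the `u` parameter with `/` written as `_` and other special characters as `-XX`) and then follows the rest of the chain offline. The `REDIRECTS` table stands in for the HTTP 3xx `Location` headers a real fetcher would see, and every hostname in it, along with `short.example`, `docs-share.example` and `m365-login-verify.example`, is constructed for the demo; the "looks like a Microsoft 365 sign-in but does not end on a Microsoft login host" heuristic is my own, not a vendor rule.

```python
"""Unwrap a link-wrapped phishing URL and follow its redirect chain offline.

Added example, not code from the article or from Proofpoint/Intermedia.
The REDIRECTS table and all hostnames below are constructed for the demo.
"""
import re
from urllib.parse import parse_qs, urlparse

# Wrapper hosts that filters and users tend to trust. Only Proofpoint's
# URL Defense v2 host is decoded here; add other wrappers you can decode.
WRAPPER_HOSTS = {"urldefense.proofpoint.com"}

# Where a genuine Microsoft 365 sign-in should end up.
LEGIT_M365_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Constructed stand-in for the HTTP 3xx Location headers a fetcher would see.
REDIRECTS = {
    "https://short.example/x9": "https://docs-share.example/view?id=42",
    "https://docs-share.example/view?id=42": "https://m365-login-verify.example/common/oauth2/authorize",
    "https://short.example/ok": "https://login.microsoftonline.com/common/oauth2/authorize?client_id=abc",
}

# Constructed wrapped links of the kind that arrive in the phishing email.
WRAPPED_PHISH = "https://urldefense.proofpoint.com/v2/url?u=https-3A__short.example_x9&d=DwMFaQ&c=c&r=r&m=m&s=s&e="
WRAPPED_BENIGN = "https://urldefense.proofpoint.com/v2/url?u=https-3A__short.example_ok&d=DwMFaQ"


def unwrap_proofpoint_v2(url: str):
    """Decode a URL Defense v2 link, or return None if `url` is not one.

    v2 stores the target in the `u` query parameter with '/' written as '_'
    and every other special character as '-XX' (two hex digits).
    """
    p = urlparse(url)
    if p.netloc.lower() != "urldefense.proofpoint.com" or not p.path.startswith("/v2/url"):
        return None
    encoded = parse_qs(p.query).get("u", [None])[0]
    if not encoded:
        return None
    # Order matters: restore '/' first, then decode escapes such as '-5F' (a literal '_').
    decoded = encoded.replace("_", "/")
    return re.sub(r"-([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), decoded)


def follow_chain(url: str, redirects: dict, max_hops: int = 10):
    """Return the list of URLs visited: unwrap wrappers, then follow redirects."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = unwrap_proofpoint_v2(chain[-1]) or redirects.get(chain[-1])
        if nxt is None or nxt in chain:   # end of chain, or a loop
            return chain
        chain.append(nxt)
    return chain   # hit max_hops; assess() treats that as suspicious


def assess(chain: list, max_hops: int = 10):
    """Judge the landing page by where the chain ends, not where it starts."""
    hosts = [urlparse(u).netloc.lower() for u in chain]
    final_url, final_host = chain[-1], hosts[-1]
    # Heuristic (my own): the landing URL imitates a Microsoft 365 sign-in
    # but is not served from one of Microsoft's real login hosts.
    imitates_m365 = re.search(r"microsoft|office|m365|o365|oauth2|login", final_url, re.I) is not None
    suspicious = (imitates_m365 and final_host not in LEGIT_M365_LOGIN_HOSTS) or len(chain) - 1 >= max_hops
    return {
        "hops": len(chain) - 1,
        "via_wrapper": any(h in WRAPPER_HOSTS for h in hosts),
        "final_host": final_host,
        "verdict": "suspicious" if suspicious else "ok",
    }


def analyze(url: str, redirects: dict = REDIRECTS):
    return assess(follow_chain(url, redirects))


if __name__ == "__main__":
    for u in (WRAPPED_PHISH, WRAPPED_BENIGN):
        print(u, "->", analyze(u))
```

In production the `REDIRECTS` lookup becomes a `HEAD`/`GET` with redirects disabled, recording each `Location` header, ideally from a detonation sandbox rather than an analyst workstation, since some redirectors fingerprint the client. The verdict deliberately ignores `via_wrapper` when deciding: a trusted first hop is exactly what this campaign relies on, so it must not lower the score.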
Apple released security updates Tuesday fixing dozens of vulnerabilities, including CVE-2025-6558, a bug already exploited against Chrome users. Google patched the flaw in Chrome 138 in mid-July after discovering active attacks; it lies in the ANGLE and GPU graphics components, which Apple's WebKit-based browsers also share. Exploited through a malicious web page, it lets an attacker escape the browser sandbox.
Apple's updates cover iOS 18.6, macOS Sequoia 15.6, and other platforms, patching 87 CVEs in macOS alone. There is no evidence Safari users were targeted; Apple describes the impact on its platforms as an unexpected Safari crash when visiting a malicious site. CISA had already added the flaw to its Known Exploited Vulnerabilities catalog, giving federal agencies until August 12 to patch.
Source: Security Week
Attackers exploited a critical SAP NetWeaver vulnerability (CVE-2025-31324, an unauthenticated file upload in the Visual Composer Metadata Uploader that yields remote code execution) to breach a U.S. chemicals company and install the Auto-Color backdoor on its Linux systems. The attack shows how internet-facing enterprise software flaws are being used as the initial foothold into corporate networks.
SAP systems underpin core business operations at many large organizations, so the vulnerability matters across industries. Organizations running SAP NetWeaver should apply SAP's patch immediately, check whether the Visual Composer component is exposed to the internet, and hunt for Auto-Color on Linux hosts reachable from the SAP server, since the attackers here had already moved past the initial exploit.
Source: thehackernews.com
French telecom giant Orange detected a cyberattack on July 25 that disrupted management services for corporate and individual customers, mainly in France. The company's security team quickly isolated affected systems to minimize damage. Services should be restored by July 30, and Orange says no customer data appears stolen so far. Authorities have been notified, but Orange won't share additional details.
This follows February incidents where hackers claimed to steal gigabytes of Orange data, including customer information and source code, though Orange downplayed those breaches as affecting only non-critical systems.
Source: Security Week
The Gunra ransomware group, which emerged in April targeting Windows systems, has released a Linux variant that can run 100 parallel encryption threads, which Trend Micro says is double what most ransomware allows. The cross-platform expansion makes Gunra more dangerous, giving the operators both speed and flexibility in how files are encrypted.
The group gained notoriety by allegedly leaking 40TB of hospital data in May and has since claimed victims in Brazil, Japan, Canada, Turkey, South Korea, Taiwan, and the US. Unlike the Windows version, the Linux variant drops no ransom note and focuses purely on rapid, configurable encryption, so defenders should not rely on note files as an indicator. Trend Micro researchers warn organizations to monitor this fast-evolving threat closely.
Source: Dark Reading
Google's threat intelligence researchers detailed UNC3944, a ransomware crew targeting US retail, airline, and insurance companies through social engineering over the phone. The attackers call IT help desks posing as employees, talk staff into resetting passwords, and then use the stolen credentials to reach VMware vSphere environments and deploy ransomware within hours.
Unlike typical intrusions, they rely on little or no custom malware, instead driving legitimate administrative tools, which makes detection extremely difficult. The group's activity declined after law enforcement actions in 2024, but other ransomware groups are now copying these tactics, so help-desk identity verification and vSphere hardening deserve immediate attention.
Source: Industrial Cyber