Weekly Recap: Ransomware Attacks Target SonicWall Firewalls; Black Hat USA 2025 Announced

Last week, Black Hat USA 2025 was held at the Mandalay Bay Convention Center in Las Vegas, showcasing a variety of news, photos, and product releases. In an interview with Help Net Security, Marc Frankel, CEO of Manifest Cyber, highlighted the importance of AI Bills of Materials (AIBOMs) in addressing overlooked AI-specific risks, such as poisoned training data and shadow AI. He explained that AIBOMs extend Software Bills of Materials (SBOMs) to enhance transparency regarding datasets, model weights, and third-party integrations, thereby improving governance and incident response. Aayush Choudhury, CEO of Scrut Automation, also discussed the challenges small teams face with security tools designed for large enterprises, emphasising the need for simplicity, integration, and automation to better serve cloud-native teams with limited resources.

In further discussions, Jordan Avnaim, CISO at Entrust, addressed the quantum computing threat and the necessity of post-quantum cryptography (PQC) as a long-term priority. Meanwhile, SonicWall firewalls have been targeted by attackers using the Akira ransomware, potentially exploiting a zero-day vulnerability. Microsoft announced its development of Project Ire, an autonomous malware detection AI agent that shows promising results. Additionally, Cisco Talos researchers discovered firmware vulnerabilities in over 100 Dell laptop models, which could allow persistent backdoor access. Trend Micro reported that attackers are probing unauthenticated command injection vulnerabilities in its Apex One platform, while Adobe released an emergency update to fix critical vulnerabilities in Adobe Experience Manager Forms. Lastly, Microsoft urged administrators to address a severe privilege escalation vulnerability in Exchange. 

Categories: Cybersecurity Events, AI Risk Management, Vulnerabilities and Exploits 

Tags: Black Hat USA 2025, AIBOMs, AI Risk Management, Security Tooling, Post-Quantum Cryptography, Ransomware Attacks, Autonomous Malware Detection, Firmware Vulnerabilities, Command Injection, Security Update