Weekly Recap: Ransomware Attacks Target SonicWall Firewalls; Black Hat USA 2025 Announced for Enhanced Cybersecurity Insights.

Last week, Black Hat USA 2025 was held at the Mandalay Bay Convention Center in Las Vegas, showcasing a range of news, photos, and product releases. In an interview with Help Net Security, Marc Frankel, CEO of Manifest Cyber, highlighted the importance of AI Bills of Materials (AIBOMs) in addressing overlooked AI-specific risks, such as poisoned training data and shadow AI. He explained that AIBOMs extend Software Bills of Materials (SBOMs) to enhance transparency regarding datasets, model weights, and third-party integrations, thereby improving governance and incident response. Aayush Choudhury, CEO of Scrut Automation, also discussed the challenges small teams face with security tools designed for large enterprises, emphasising the need for simplicity, integration, and automation to better serve cloud-native teams with limited resources.

Additionally, Jordan Avnaim, CISO at Entrust, spoke about the necessity of communicating the quantum computing threat to executive teams through a risk-based approach, underscoring the urgency of post-quantum cryptography (PQC). Meanwhile, SonicWall firewalls have been targeted in ransomware attacks, potentially via a zero-day exploit. Microsoft announced its development of Project Ire, an autonomous malware detection AI agent that shows promising results. Cisco Talos researchers discovered firmware vulnerabilities in over 100 Dell laptop models, which could allow persistent backdoor access. Furthermore, Trend Micro reported that attackers are probing unauthenticated command injection vulnerabilities in its Apex One platform. Adobe released an emergency update to address critical vulnerabilities in Adobe Experience Manager Forms, while Microsoft urged administrators to address a severe security hole in Exchange. 

Categories: Cybersecurity Events, AI Risk Management, Vulnerabilities and Exploits 

Tags: Black Hat USA 2025, AIBOMs, AI Risk Management, Security Tooling, Post-Quantum Cryptography, Ransomware Attacks, Autonomous Malware Detection, Firmware Vulnerabilities, Command Injection, Security Update