Weekly Recap: Ransomware Attacks Target SonicWall Firewalls; Black Hat USA 2025 Announced for Enhanced Cybersecurity Insights.

Last week, Black Hat USA 2025 was held at the Mandalay Bay Convention Center in Las Vegas, showcasing a variety of news, photos, and product releases. In an interview with Help Net Security, Marc Frankel, CEO of Manifest Cyber, highlighted the importance of AI Bills of Materials (AIBOMs) in addressing overlooked AI-specific risks, such as poisoned training data and shadow AI. He explained that AIBOMs extend Software Bills of Materials (SBOMs) to enhance transparency regarding datasets, model weights, and third-party integrations, thereby improving governance and incident response. Aayush Choudhury, CEO of Scrut Automation, also discussed the challenges small teams face with security tools designed for large enterprises, emphasising the need for simplicity, integration, and automation to better serve cloud-native teams with limited resources.

In another interview, Jordan Avnaim, CISO at Entrust, spoke about the necessity of communicating the quantum computing threat to executive teams through a risk-based approach, underscoring the urgency of post-quantum cryptography (PQC) as a long-term priority. Meanwhile, SonicWall firewalls have been targeted by attackers using the Akira ransomware, potentially exploiting a zero-day vulnerability since July 15, 2025. Microsoft announced its development of Project Ire, an autonomous malware detection AI agent that shows promising potential. Additionally, Cisco Talos researchers discovered firmware vulnerabilities in over 100 Dell laptop models, which could allow persistent backdoor access even after Windows reinstalls. Trend Micro warned that attackers are probing unauthenticated command injection vulnerabilities in its Apex One endpoint security platform. Adobe also released an emergency update for Adobe Experience Manager Forms to address critical vulnerabilities, while Microsoft urged administrators to address a severe security hole in Exchange. 

Categories: Cybersecurity Events, AI Risk Management, Vulnerabilities and Exploits 

Tags: Black Hat USA 2025, AIBOMs, AI Risk Management, Security Tooling, Post-Quantum Cryptography, Ransomware Attacks, Autonomous Malware Detection, Firmware Vulnerabilities, Command Injection, Security Update