Daily Briefing for 05.30.25

At a glance.

• SentinelOne restores service following major outage.
• ConnectWise investigates suspected nation-state hack.
• Australian law requires ransomware victims to report payments.

SentinelOne restores service following major outage.

Security firm SentinelOne sustained a widespread outage yesterday that prevented customers from accessing their consoles used to monitor threats. BankInfoSecurity says the outage affected all of SentinelOne's products, including its endpoint, XDR, cloud security, identity, data lake, threat intelligence and vulnerability management services. The security products continued working in the background, but managed response services did have visibility into threat data reporting for several hours. The company restored service yesterday afternoon. SentinelOne is investigating the issue, but does not believe it was caused by an attack.

ConnectWise investigates suspected nation-state hack.

IT management software provider ConnectWise has disclosed "suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers." ScreenConnect is a popular remote management and access tool. The company has retained Mandiant to investigate and is working with law enforcement.

BleepingComputer cites ScreenConnect customers as saying the incident is linked to a high-severity code injection vulnerability (CVE-2025-3935) that was patched on April 24th. ConnectWise hasn't confirmed these details, but stated, "As part of our work with Mandiant, we patched ScreenConnect and implemented enhanced monitoring and hardening measures across our environment."

Australian law requires ransomware victims to report payments.

Australia has enacted a law requiring certain companies to report ransomware payments to the Australian Signals Directorate (ASD) within seventy-two hours, the Record reports. The law applies to companies with an annual turnover greater than AU$3 million (around 6.5% of all registered businesses in Australia), as well as some smaller entities in critical infrastructure sectors.

The legislation, which is part of Australia's Cyber Security Act 2024, goes into effect today, but the Department of Home Affairs says it will take an "education-first approach" until the end of the year: "During this phase, the Department would aim to pursue regulatory action only in cases of egregious non-compliance against businesses that report on incidents, to not take capacity away from impacted entities during the initial incident response phase."