At a glance.
- SonicWall attributes ransomware activity to known vulnerability.
- Microsoft issues guidance on high-severity flaw affecting hybrid Exchange deployments.
- French telecom discloses data breach affecting millions of accounts.
SonicWall attributes ransomware activity to known vulnerability.
SonicWall has completed its investigation into ransomware activity targeting its firewalls with SSLVPN enabled, concluding that the attacks were tied to a known vulnerability (CVE-2024-40766) that was patched in August 2024. The company had advised customers earlier this week to disable SSLVPN while it determined whether the activity involved an unknown zero-day.
SonicWall said in a statement, "The affected population is small, fewer than 40 confirmed cases, and appears to be linked to legacy credential use during migrations from Gen 6 to Gen 7 firewalls. We’ve issued updated guidance, including steps to change credentials and upgrade to SonicOS 7.3.0, which includes enhanced MFA protections."
Microsoft issues guidance on high-severity flaw affecting hybrid Exchange deployments.
Microsoft has issued an advisory warning customers to mitigate a high-severity vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that could lead to privilege escalation, BleepingComputer reports. The company explains, "In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations."
Microsoft hasn't observed exploitation in the wild, but has flagged the flaw as "Exploitation More Likely." CISA
French telecom discloses data breach affecting millions of accounts.
France’s third-largest mobile operator, Bouygues Telecom, has disclosed a cyberattack that compromised data belonging to 6.4 million customer accounts, the Record reports. The company says affected customers "have received or will receive an email or text message to inform them, and our teams remain fully mobilized to support them." Bouygues has also notified France’s data protection regulator, CNIL.
Orange, France's largest telecom company, also disclosed a cyberattack last week, though it's unclear if customer information was impacted.
Neither of the attacks has been attributed to any known threat actor, but the Record notes that France's cybersecurity agency ANSSI recently warned of state-sponsored espionage attacks targeting the country's telecom sector.
