SonicWall discloses breach of its cloud backup service.

Summary

By the CyberWire staff

SonicWall discloses breach of its cloud backup service.

SonicWall is warning customers to reset their credentials following a breach affecting its cloud backup service for firewalls, SecurityWeek reports. The company stated, "Our investigation found that threat actors accessed backup firewall preference files stored in the cloud for fewer than 5% of our firewall install base. While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall. We are not presently aware of these files being leaked online by threat actors. This was not a ransomware or similar event for SonicWall; rather, this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors."

SonicWall is notifying affected customers and will provide them with fresh preferences files. SonicWall users who have cloud backups enabled should follow the company's guidance to mitigate their potential exposure.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Insight Partners notifies individuals affected by data breach.

New York-headquartered venture capital giant Insight Partners is notifying thousands of individuals that their personal information was breached during a ransomware attack that took place in January 2025, TechCrunch reports. In a breach notification filed with the Maine Attorney General's Office, the firm said the breach affected more than 12,000 people.

The company hasn't disclosed what specific types of information were stolen, but earlier said the hackers accessed financial and personal data belonging to current and former employees as well as limited partners. TechCrunch notes that this may include "private and unnamed investors who help provide capital to Insight’s venture funds."

Are You Future Ready? Secure Your Machine Future With Confidence.

CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.

UK charges two teens over 2024 Transport for London hack.

The UK has charged two teenagers for their alleged involvement in an August 2024 cyberattack against Transport for London (TfL), the Register reports. The defendants are eighteen-year-old Owen Flowers from Walsall and nineteen-year-old Thalha Jubair from East London. The two teens are accused of being part of the Scattered Spider criminal group.

The UK's National Crime Agency stated, "Both will appear at Westminster Magistrates Court today (18 September), after the Crown Prosecution Service authorised [that] they be charged with conspiring together to commit unauthorised acts against TfL, under the Computer Misuse Act. Flowers was initially arrested for the TfL attack on 6 September 2024, at which point NCA officers identified further potential evidence of offending against US healthcare companies. Therefore, Flowers has today also been charged with conspiring with others to infiltrate and damage the networks of SSM Health Care Corporation and attempting to do the same to Sutter Health’s networks, both based in the US. Jubair has been additionally charged under RIPA for failing to disclose the pin or passwords for devices seized from him."

Notes.

Today's issue includes events affecting , and the United Kingdom the United States.

Attacks, Threats, and Vulnerabilities

China-backed attackers spoof Congressman for US trade data (The Register) Proofpoint spots efforts to spy on US economic policy nerds

CountLoader: Silent Push Discovers New Malware Loader Being Served in 3 Different Versions (Silent Push) Silent Push has discovered a new malware loader that is strongly associated with Russian ransomware gangs that we are naming: “CountLoader.”

Litigation, Investigation, and Law Enforcement

NCA Singles Out “The Com” as it Chairs Five Eyes Group (Infosecurity Magazine) The UK’s National Crime Agency is the new chair of the Five Eyes Law Enforcement Group

Police cameras tracked one driver 526 times in four months, lawsuit says (NBC News) Flock Safety says it has become “the largest public-private safety network” in the country.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

DMV Rising '25 (Washington, DC, USA, Sep 18, 2025) Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Open Source Security Summit 2025 (Virtual, Sep 25, 2025) The sixth annual Open Source Security Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions at this free virtual event. Register now to explore advancements in open source security and how using open source tools can build trust with customers and consumers.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 09.18.25

Top stories.

SonicWall discloses breach of its cloud backup service.

Insight Partners notifies individuals affected by data breach.

UK charges two teens over 2024 Transport for London hack.

Notes.

Attacks, Threats, and Vulnerabilities

Litigation, Investigation, and Law Enforcement

Events