VulnHub

Real-time Cybersecurity News

Marquis blames ransomware breach on SonicWall cloud backup hack

BleepingComputer
Actively Exploited
RansomwareExploitData Breach

Overview

Marquis Software Solutions, a financial services provider based in Texas, has linked a ransomware attack that compromised its systems in August 2025 to a subsequent security breach involving SonicWall's cloud backup services. This incident impacted several U.S. banks and credit unions, raising concerns about the security of financial data and the potential for widespread disruption in banking services. The breach reportedly allowed attackers to exploit vulnerabilities in SonicWall's systems, leading to the ransomware attack on Marquis. This situation not only emphasizes the interconnected nature of cybersecurity risks but also highlights the importance of robust security measures for third-party services that handle sensitive financial information. As organizations increasingly rely on cloud solutions, ensuring their security is crucial to protect against similar incidents in the future.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Marquis Software Solutions, SonicWall cloud backup services, U.S. banks, credit unions
  • Action Required: Organizations should review and strengthen their cloud backup security measures, apply any available patches from SonicWall, and conduct thorough security audits.
  • Timeline: Disclosed in September 2025

Original Article Summary

Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. [...]

Impact

Marquis Software Solutions, SonicWall cloud backup services, U.S. banks, credit unions

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed in September 2025

Remediation

Organizations should review and strengthen their cloud backup security measures, apply any available patches from SonicWall, and conduct thorough security audits.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit, Data Breach.

Read Original Article

Related Coverage

Owner of Incognito dark web drugs market gets 30 years in prison

BleepingComputer

A Taiwanese man has been sentenced to 30 years in prison for running Incognito Market, a major dark web platform that facilitated the sale of over $105 million in illegal drugs globally. The market operated for several years, connecting buyers and sellers in a largely anonymous online environment. Authorities have emphasized the significance of this case in combating the proliferation of illegal drug trade online. The sentencing serves as a stern warning to others involved in similar activities, highlighting the ongoing efforts to dismantle dark web marketplaces that contribute to the trafficking of narcotics. This incident underscores the challenges law enforcement faces in regulating online criminal activities and the need for continued vigilance in cybersecurity measures.

Feb 4, 2026

Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil

darkreading

Recent vulnerabilities in Google Looker have raised serious concerns about security, particularly regarding cross-tenant remote code execution (RCE) and data exfiltration. Attackers could exploit these flaws to gain access to environments of other Google Cloud Platform (GCP) tenants by leveraging a compromised Looker user account. This means that sensitive data from multiple organizations could potentially be at risk, making it a significant threat for businesses relying on GCP services. The findings underscore the need for users and companies to review their security practices and ensure that they are protected against unauthorized access. As vulnerabilities like these can lead to major data breaches, prompt action is essential to safeguard sensitive information.

Feb 4, 2026

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

The Hacker News

The article discusses how the initial moments of an incident response can significantly impact the outcome of an investigation. It emphasizes that many failures in incident response are not due to a lack of tools or expertise but rather the decisions made immediately after detecting an incident. High-pressure situations and incomplete information can lead teams to lose control over their investigations, even when they have the capability to manage the intrusion effectively. The author shares experiences of both successful recoveries and failures, underscoring the need for clear protocols and calm decision-making during the critical first 90 seconds after an incident is detected. This insight is essential for organizations looking to improve their incident response processes.

Feb 4, 2026

Avast brings deepfake scam detection to Windows PCs and mobile devices

Help Net Security

Avast has rolled out two new security features aimed at detecting scams involving deepfake technology. The Avast Scam Guardian and Scam Guardian Pro are now available for mobile devices, while the Avast Deepfake Guard is launched for Windows PCs. This AI-driven tool is designed to analyze and identify harmful audio that could be embedded within video content. The goal is to enhance protection for users against various scam tactics that can occur through text messages, phone calls, and video platforms. These updates are particularly relevant as the rise of deepfakes poses a growing risk to online security, making it essential for users to have reliable tools to safeguard against such threats.

Feb 4, 2026

Security Analysis of Moltbook Agent Network: Bot-to-Bot Prompt Injection and Data Leaks

SecurityWeek

Wiz and Permiso have discovered significant security vulnerabilities in the Moltbook Agent Network, which is an AI agent social network. Their analysis reveals that bot-to-bot prompt injection attacks could allow malicious bots to manipulate other bots, leading to unauthorized actions or data leaks. This poses a risk to users relying on these AI agents for various tasks, as sensitive information could be compromised. The findings indicate that these vulnerabilities could be exploited by attackers to gain control over the network and access confidential data. As AI technologies become more prevalent, it is crucial for developers to address these security flaws to protect users and maintain trust in AI systems.

Feb 4, 2026

Global Threat Map: Open-source real-time situational awareness platform

Help Net Security

The Global Threat Map is an open-source initiative designed to provide security teams with real-time visibility of cyber incidents worldwide. It aggregates various open data feeds into an interactive map that displays key indicators like malware spread, phishing attempts, and attack traffic based on geographic location. Unlike traditional threat maps, which are often produced by security vendors, this project relies on community contributions to maintain and update the data. This platform is particularly valuable for organizations looking to enhance their situational awareness and respond to emerging threats more effectively. By utilizing open-source data, it fosters collaboration among security professionals and helps them stay informed about the latest cyber activities that could impact their operations.

Feb 4, 2026