VulnHub

Real-time Cybersecurity News

Marquis: Ransomware gang stole data of 672K people in cyberattack

BleepingComputer
Actively Exploited
RansomwareData Breach

Overview

Marquis, a financial services provider based in Texas, recently reported that a ransomware attack in August 2025 compromised the personal data of over 672,000 individuals. The breach also had significant operational impacts, affecting 74 banks across the United States. The stolen data may include sensitive information, raising concerns about identity theft and privacy for those affected. This incident highlights the vulnerabilities in the financial sector and the ongoing threat posed by ransomware groups. Organizations in this space need to enhance their cybersecurity measures to protect both their operations and customer data.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Personal data of 672,000 individuals, operations of 74 banks
  • Action Required: Organizations should review their cybersecurity protocols, implement stronger data protection measures, and conduct thorough investigations to understand the breach's extent.
  • Timeline: Disclosed on [date]

Original Article Summary

Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. [...]

Impact

Personal data of 672,000 individuals, operations of 74 banks

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date]

Remediation

Organizations should review their cybersecurity protocols, implement stronger data protection measures, and conduct thorough investigations to understand the breach's extent.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Data Breach.

Read Original Article

Related Coverage

Ransomware gang exploits Cisco flaw in zero-day attacks since January

BleepingComputer

The Interlock ransomware gang has been actively exploiting a serious remote code execution vulnerability in Cisco's Secure Firewall Management Center (FMC) software since late January. This flaw, classified as having maximum severity, allows attackers to execute arbitrary code on affected systems, putting organizations at significant risk. Companies using this software should be particularly vigilant, as the vulnerability is being exploited in ongoing attacks. Cisco has not yet released a patch to address this issue, which raises concerns about the potential for widespread impact. Organizations relying on Cisco FMC should prioritize security measures and closely monitor any unusual activity to safeguard their networks.

Mar 18, 2026

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

The Hacker News

Amazon Threat Intelligence has issued a warning regarding an active ransomware campaign known as Interlock, which is exploiting a significant vulnerability in Cisco's Secure Firewall Management Center (FMC) Software. This vulnerability, identified as CVE-2026-20131, has a maximum severity score of 10.0 and stems from an insecure deserialization of user-supplied Java byte streams. This flaw could allow attackers to gain root access without authentication, posing a serious risk to organizations using affected Cisco products. The exploitation of this vulnerability is concerning as it enables unauthorized access, potentially leading to data breaches and system compromises. Companies using Cisco FMC Software must take immediate action to protect their systems from this ongoing threat.

Mar 18, 2026

New Ubuntu Flaw Enables Local Attackers to Gain Root Access

Infosecurity Magazine

A new vulnerability identified as CVE-2026-3888 has been discovered in Ubuntu's snap package management system, allowing local users to escalate their privileges to root access through a timing-based exploit. This flaw poses a significant risk particularly for multi-user environments, as any local user could potentially gain complete control over the affected system. Ubuntu has not specified which versions are impacted, but users running the snap package system should be aware of this vulnerability. The implications of this flaw are serious, as it could enable attackers to manipulate system settings, install malicious software, or access sensitive information. Users are advised to monitor for updates from Ubuntu and apply patches as they become available.

Mar 18, 2026

EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations

SecurityWeek

The European Union has imposed sanctions on two Chinese individuals, two Chinese companies, and one Iranian firm for their involvement in hacking operations targeting EU member states. This action reflects ongoing concerns about cyber threats linked to state-sponsored actors and their impact on national security and digital infrastructure. The sanctioned entities are believed to have contributed to cyber activities that undermine the stability and security of EU countries. By taking these measures, the EU aims to deter further malicious cyber operations and hold accountable those involved in such activities. This situation underscores the increasing vigilance by international bodies in combating cybercrime and protecting digital sovereignty.

Mar 18, 2026

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery

Infosecurity Magazine

A malicious Chrome extension called ShieldGuard was discovered to be a crypto scam masquerading as a security tool. This extension primarily targeted users looking to protect their cryptocurrency wallets but instead siphoned off sensitive wallet information and drained user data. Researchers found that once installed, the extension would exploit its permissions to access and transfer funds from users' crypto wallets. This incident affects anyone who installed the ShieldGuard extension, highlighting the ongoing risks of using unverified browser extensions in the cryptocurrency space. Users are urged to be cautious and only download extensions from reputable sources to safeguard their assets.

Mar 18, 2026

New “Darksword” iOS exploit used in infostealer attack on iPhones

BleepingComputer

A new exploit kit called 'Darksword' is being used to target iPhones, particularly affecting users of cryptocurrency wallet applications. This exploit allows attackers to steal various personal information from compromised devices. The existence of Darksword raises significant concerns, especially for those who handle sensitive financial data on their mobile devices. As users increasingly rely on their phones for managing cryptocurrencies, the risk of falling victim to such attacks is growing. It’s crucial for iPhone users to stay vigilant and ensure their devices are updated to protect against these vulnerabilities.

Mar 18, 2026