7th November 2025 Cyber Update: SonicWall Confirms State-Sponsored Breach Exposing All Cloud Backup Customer Data

Cybersecurity vendor SonicWall has confirmed a state-sponsored threat actor breached its systems by exploiting an API call, exposing the firewall configuration files of every customer who used its MySonicWall cloud backup service.


Cyber News Centre’s cyber update for 7th November 2025: Cybersecurity vendor SonicWall has confirmed that a state-sponsored threat actor was behind a significant security breach in September, resulting in the theft of sensitive firewall configuration files for all customers using its cloud backup service.

The breach, which was investigated by cybersecurity firm Mandiant, was isolated to a specific cloud environment and did not impact SonicWall's core products or internal networks.

The Update and Why It Matters

The Update: SonicWall’s investigation, concluded this week, confirmed the attack was a highly targeted operation by a nation-state group that exploited an API call to gain unauthorised access. The company's public disclosures evolved over time; an initial mid-September report stated that less than 5% of customers were affected, but this was corrected in October to confirm that all customers of the MySonicWall cloud backup service had their configuration files stolen.

These files contain a "treasure trove of sensitive data, including firewall rules, encrypted credentials, routing configurations and more," according to security experts. In response, SonicWall has urged all customers to reset passwords, released analysis and reset tools, and appointed a new Chief Information Security Officer as part of a broader "Secure by Design" initiative to harden its infrastructure.

Why It Matters: This breach is a critical reminder of the sophisticated and persistent threat posed by state-sponsored actors targeting the global technology supply chain. By compromising a major security vendor, attackers can acquire the tools and data needed to launch highly targeted follow-on attacks against that vendor's customers. The incident highlights the increasing focus of nation-state actors on edge security providers and the small-to-medium-sized businesses they protect. The Australian Cyber Security Centre (ACSC) recently warned that such actors "regularly conduct malicious activities against...networks that possess information of value," and are known for their "rapid exploitation of security vulnerabilities."

The SonicWall breach, stemming from a single compromised API, demonstrates that even robust security postures can be undermined, reinforcing the need for continuous vigilance, immediate patching, and a zero-trust approach to network architecture.

