Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. The Silver Fox threat actor group, also associated with attacks attributed to Void Arachne and Great Thief of the Valley, is a relatively new, most likely China-based threat group that has emerged as a significant player in advanced persistent threat (APT) campaigns.

A newly surfaced set of vulnerabilities in the SonicWall SMA100 series appliances has captured the attention of cybersecurity professionals. While SonicWall has released patches for CVE-2025-40596 through CVE-2025-40599, and media reports point to a surge in Akira ransomware attacks targeting SonicWall SSL VPN infrastructure, CISA has not formally confirmed exploitation of these specific vulnerabilities by Akira at this time.

Malware, as one of many cyber threats, is not some random annoyance. Yet, there is nothing polite about it. It bypasses your firewall and establishes itself in your system. Then, escalated privileges are granted, and processes are killed. If you are particularly unlucky, malware encrypts your core and sticks around like a parasite in the CI/CD. So, it’s not about chaos but orchestration. That means you’re forgetting about something.

In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases, available evidence points to the existence of a zero-day vulnerability.

AI is powering a new wave of ransomware. Learn how Avast stopped FunkSec's attack and how you can protect your files from evolving cyber threats. Ransomware has long been one of the most feared cyber threats on the internet, and for good reason. It’s fast, disruptive, and increasingly effective at locking up your most important files and demanding payment in exchange for their return. It’s not just businesses that get hit, either.

Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector. I have been teaching about the risks of Microsoft email rules, forms and connectors on email clients and servers for decades. Both can be created by an attacker learning your email address and logon credentials (e.g., password or MFA codes).

Ransomware activity continues to increase, and Bitsight data illustrates the scale of this growth. In our State of the Underground 2025 report, Bitsight TRACE observed a nearly 25% rise in unique ransomware victims publicly listed on leak sites. Additionally, the number of leak sites operated by ransomware groups grew by 53%.

Katz Stealer seeks credentials and crypto assets, Lumma Stealer returns after a disruption, NailaoLocker ransomware targets Windows.

As companies invest in cybersecurity to avoid fines and ransomware payouts, criminals are doing the opposite by turning ransomware into a full-blown business. With ransomware as a service (RaaS), cybercriminals are building revenue streams by selling ransomware kits online. This model doesn’t require technical skills or deep knowledge of hacking.