https://www.sonicwall.com/support/
Updated
September 22, 2025

Description

SonicWall’s security teams recently detected suspicious activity targeting the cloud backup service for firewalls, which we confirmed as a security incident in the past few days.

Our investigation found that threat actors accessed backup firewall preference files stored in the cloud for fewer than 5% of our firewall install base. While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall.

We are not presently aware of these files being leaked online by threat actors. This was not a ransomware or similar event for SonicWall, rather this was a series of brute force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors.

TIP: Learn more by watching this helpful video guide here
Affected Products:

SonicWall Firewalls with preference files backed up in MySonicWall.com

Due to the sensitivity of the configuration files, we highly encourage customers to take the following steps immediately:

Log in to your MySonicWall.com account and verify if cloud backups exist for your registered firewalls: 
    If fields are blank (Figure 1): You are NOT at risk.
    A screenshot of a computer AI-generated content may be incorrect.
    Figure 1 – Does Not Contain Backup

    If fields contain backup details (Figure 2): Please continue reading.
    Image
    Figure 2 – Contains Backups

Verify whether impacted serial numbers are listed in your account. Upon login, navigate to Product Management | Issue List, the affected serial numbers will be flagged with information such as Friendly Name, Last Download Date and Known Impacted Services.
Image

    If Serial Numbers are shown: the listed firewalls are at risk and should follow the containment and remediation guidelines: Essential Credential Reset
    NOTE: Impacted Services should be used for general guidance only.  The services listed were identified as being enabled and should be immediately reviewed.  ALL SERVICES WITH CREDENTIALS THAT WERE ENABLED AT, OR BEFORE, THE TIME OF BACKUP SHOULD BE REVIEWED FOR EACH SERIAL NUMBER LISTED. 
    If you have used the Cloud Backup feature but no Serial Numbers are shown or only some of your registered Serial Numbers: 
            SonicWall will provide additional guidance in coming days to determine if your backup files were impacted.
            Please check back on this page for this additional information: MySonicWall Cloud Backup File Incident

Technical Containment and Mitigation Documentation can be found at:

Essential Credential Reset
Remediation Playbook

NOTE: Use the SonicWall Online Tool to identify services that require remediation. Follow the on-screen instructions to proceed. (UPE Mode is not supported.)

We have a dedicated support service team available to help you with any of these changes. If you need any assistance, please login to your MySonicWall account and open a case with our Support team. You can access your account at: https://www.mysonicwall.com/muir/login.
Change Log:

2025-9-17 4:40 AM PDT: Initial publish.
2025-9-17 2:45 PM PDT: Minor formatting update.
2025-9-17 8:45 PM PDT: Revised incident disclosure text to clarify scope (<5% of firewalls), encrypted credentials, no known leaks, and brute-force (not ransomware) attack.
2025-9-18  5:38 AM PDT: Changed formatting and provided detailed steps with screenshots.
2025-9-18  9:19 AM PDT: Updated guidance steps, navigation screenshots, and note clarifying review of impacted services.
2025-9-18 4:30 PM PDT: Updated KB text and image to clarify affected products, provide step-by-step backup verification instructions, and replace figures showing when backups are or are not present.
2025-9-19 1:15 PM PDT: No updates at this time.
2025-9-20 9:15 AM PDT: Added a Tip with a video guide and a Note linking to the SonicWall online tool for firewall configuration analysis and remediation guidance.
2025-9-22 8:20 AM PDT: No updates at this time.

Elle estimait que la société chargée du renouvellement de ses serveurs informatiques avait failli dans sa mission.

Veeam Backup Enterprise Manager Authentication Bypass

CVE-2023-45498/CVE-2023-45499 advisory

A ransomware affiliate is targeting publicly exposed Veritas installations to gain access to organizations.

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Apple has launched its recent major security updates to the whole world.

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.