Akira ransomware surge tied to suspected SonicWall zero‑day; SharePoint exploitation fuels intrusions; market shifts and policy ripples

Since the prior update, defenders reported a spike in Akira ransomware activity potentially linked to a new vulnerability in SonicWall devices, while state-linked and criminal actors continued mass exploitation of Microsoft SharePoint in live intrusions. In parallel, noteworthy developments include a DOJ settlement with Illumina over alleged sales of vulnerable systems, industry warnings on Scattered Spider’s evolving tradecraft, consolidation with Palo Alto Networks’ proposed $25B acquisition of CyberArk, and federal policy moves around AI security—all shaping near-term defensive priorities.

Akira campaigns and the SonicWall appliance exposure

Researchers tracking Akira operations reported a marked increase in compromises aligned with suspected exploitation of an unpatched vulnerability affecting SonicWall devices, with indications the flaw may be used at scale against internet-exposed edge systems. Attack sequences reportedly follow a pattern of gaining footholds via the edge, staging toolsets for discovery and credential access, then pivoting to encrypt on-prem and hybrid assets.

Technical tradecraft observed

Post-compromise activity attributed to Akira commonly includes living-off-the-land techniques (e.g., native Windows tooling), rapid account discovery, and targeted data staging prior to encryption. Defense-in-depth controls at the edge remain critical: strict patch and hotfix hygiene for security appliances, MFA with phishing-resistant methods, network segmentation between edge and identity infrastructure, and alerting tuned to anomalous lateral movement and mass file-touch behaviors.

Detection and mitigation actions

• Inventory and rapidly patch or mitigate all SonicWall perimeter devices; apply vendor interim guidance where patches are pending.
• Harden management planes: disable WAN management, enforce strong auth, restrict admin interfaces to management VLANs or jump hosts, and rotate credentials after suspected exposure.
• Monitor for unusual VPN logins, new local admin creation on appliances, and configuration changes outside change windows.
• Hunt for ransomware precursors: credential dumping artifacts, sudden SMB enumeration, and shadow copy deletions.

SharePoint exploitation drives intrusions and extortion

Concurrently, multiple organizations reported compromises stemming from exploited Microsoft SharePoint vulnerabilities, with at least one incident progressing to a ransom demand following the initial intrusion. The campaign targets internet-accessible SharePoint servers with weak patch posture and limited WAF or reverse-proxy hardening, enabling web shell drop, privileged escalation within the SharePoint farm, and subsequent domain discovery.

SharePoint hardening priorities

• Patch SharePoint farms to the latest cumulative updates and security fixes; validate that mitigation scripts for actively exploited CVEs are applied.
• Constrain upload and script execution paths; disable unnecessary legacy features and custom code where feasible.
• Instrument for web shell detection: baseline content directories, enable Antimalware Scan Interface scanning, and alert on anomalous file writes in ASPX/ASMX/ASCX locations.
• Place SharePoint behind application firewalls with virtual patch rules; enforce TLS mTLS where possible for admin paths.

Scattered Spider’s evolving techniques

Information-sharing groups warned members about the continued threat from Scattered Spider, highlighting the group’s agility in social engineering, SIM-swapping, identity provider abuse, and rapid operational tempo. Organizations should review help desk identity proofing, out-of-band verification for MFA resets, telecom port-out protections, and least-privilege controls on IdP admin roles.

Legal, market, and policy signals

The Department of Justice announced a $9.8 million settlement with Illumina tied to whistleblower allegations that it sold systems with known software vulnerabilities to federal agencies, underscoring vendor accountability pressures and the importance of secure-by-design commitments across the supply chain.

In market consolidation news, Palo Alto Networks agreed to acquire CyberArk for approximately $25 billion, a move likely to reshape identity security by more tightly coupling privileged access management, secrets, and machine identity protection with network and cloud security platforms. This could accelerate integrated identity threat detection and response and expand protections for non-human identities used by automation and AI agents.

Policy developments included proposals to expand AI-related cybersecurity assessments and threat information sharing, alongside questions about implementation capacity given staffing constraints across federal cyber agencies. Organizations leveraging generative AI should expect increased emphasis on AI bill-of-materials, model and data supply chain security, and red-teaming of agentic workflows.

What security teams should do now

• Prioritize edge appliance risk reviews, focusing on SonicWall fleets: patch levels, exposure, and management-plane isolation.
• Accelerate SharePoint hardening and monitoring; validate web shell detection and incident response runbooks specific to SharePoint farms.
• Reassess identity threat surfaces: enforce phishing-resistant MFA, restrict IdP privileges, and enable continuous session risk evaluation.
• Prepare for integrated identity-security stacks as consolidation advances; plan for secrets governance across human and machine accounts.
• Track AI security controls: prompt injection defenses, data exfiltration guardrails, and agent permission scoping.

Attackers weaponize fake Microsoft OAuth apps; Dollar Tree denies link in claimed 99 Cents Only data theft

Threat actors intensified use of fraudulent Microsoft OAuth applications to bypass MFA and steal Microsoft 365 credentials and data, while the INC Ransom group claimed a 1.2 TB breach it associated with Dollar Tree—assertions the retailer rejected, stating the data pertains to the defunct 99 Cents Only chain. Both cases highlight risks from cloud consent phishing and residual data exposure following asset acquisitions.

Cloud consent phishing via fake OAuth apps

Researchers warned that adversaries are distributing phishing emails that drive targets to grant consent to malicious OAuth applications impersonating brands like RingCentral and SharePoint. Once consent is granted, attackers obtain persistent API access tokens enabling mailbox and file access without repeatedly defeating MFA, often leveraging well-scoped permissions that evade coarse-grained alerting.

Tradecraft and indicators

• Use of typosquatted publisher names and app branding to mirror legitimate services.
• Consent prompts requesting scopes such as Mail.Read, Files.ReadWrite, offline_access, and User.Read, enabling long-lived refresh tokens.
• Abuse of legacy or permissive tenant consent policies allowing users to self-consent to risky scopes.
• Follow-on activities: mailbox rule creation, exfiltration to attacker storage, and internal thread hijacking.

Mitigations for OAuth abuse

• Disable user consent to enterprise apps by default; route consent to admin approval workflows.
• Adopt publisher verification and app consent policies that restrict to verified or tenant-owned apps; monitor for unverified app consent attempts.
• Continuously review granted app permissions; revoke suspicious service principals and refresh tokens.
• Enable conditional access for OAuth app access, including token protection and step-up authentication for sensitive scopes.
• Block legacy authentication protocols and enforce modern auth across the tenant.

INC Ransom’s claim and data ownership nuance

INC Ransom asserted it stole 1.2 TB of sensitive data it linked to Dollar Tree. The retailer stated the data set corresponds to 99 Cents Only, which shuttered operations, and clarified that while Dollar Tree acquired certain leases, IP, and equipment, the breach does not involve its employees. The episode underscores the risk of inherited or adjacent data exposures during post-bankruptcy asset transfers where datasets and infrastructure may be fragmented.

Recommended actions for M&A and asset transfers

• Conduct pre- and post-acquisition cyber due diligence covering data inventories, retention policies, and hosting locations.
• Isolate, re-credential, and re-image inherited IT assets; implement forensic triage before production integration.
• Negotiate data disposition and custodianship in asset purchase agreements, including breach notification responsibilities.
• Implement discovery tooling to identify orphaned cloud resources, exposed buckets, and abandoned SaaS tenants.

Security updates and tools: Patch cadence shifts, BloodHound 8.0 and Hashcat 7.0.0 releases, Proxmox VE 9.0 hardening

The latest cycle delivered notable security tool and platform updates: a busy late-July patch landscape that included SharePoint and Exchange fixes, the release of BloodHound 8.0 with expanded attack path management, Hashcat 7.0.0 with broader algorithm support and distributed cracking enhancements, and Proxmox VE 9.0 with networking and storage advances that warrant immediate hardening reviews.

Patch posture after late-July escalations

Following a comparatively quiet initial Patch Tuesday, two SharePoint CVEs moved to active exploitation status, driving out-of-band hotfix activity and reinforcing the need for rapid testing pipelines for collaboration-stack updates. Administrators should re-validate Exchange and SharePoint patch levels and ensure compensating controls remain in place where legacy components impede patching.

BloodHound 8.0: Attack path management upgrades

The new BloodHound release introduces substantial improvements in graph scalability, query performance, and capabilities to model and prioritize remediation of Active Directory and Azure AD attack paths. For blue teams, this accelerates identification of high-risk edges such as unconstrained delegation, shadow admin routes, and mis-scoped cloud roles. Integrating scheduled ingestions with CI for directory changes can prevent reintroduction of toxic paths.

Hashcat 7.0.0: Cracking engine advances

Hashcat’s major update expands optimized hashing algorithm coverage and improves multi-device support across CPU and GPU accelerators. Distributed cracking features and refined attack modes facilitate password audit workflows at enterprise scale. Security teams should ensure testing adheres to authorization and privacy constraints and feed results into password policy enforcement and breach password blocklists.

Proxmox VE 9.0: Enterprise virtualization considerations

Proxmox VE 9.0 brings networking and storage enhancements that can change the threat model for management and cluster planes. Operators should enforce RBAC least privilege, isolate the API and web UI on dedicated management networks, enable 2FA for admin accounts, and apply Ceph and ZFS hardening. Validate live-migration encryption and audit logs for administrative actions.

Operational takeaways

• Treat SharePoint and Exchange as priority patch assets with dedicated test-and-rollout pipelines.
• Use BloodHound 8.0 to drive measurable reductions in AD and Entra ID attack paths; track risk closure as OKRs.
• Apply Hashcat 7.0.0 in continuous password exposure testing with strict governance and safe wordlists.
• Harden Proxmox clusters before production upgrades; perform red-team validation of management-plane isolation.

AI security: Prompt injection persistence, Copilot 365 mitigations, and expectations for AI-focused cyber assessments

New reports highlight that prompt injection and data exfiltration via embedded instructions in third-party content continue to bypass guardrails in major models and agent frameworks, with similar risks demonstrated in productivity suites like Copilot 365. Policy proposals point toward formal cybersecurity assessments for AI systems and expanded threat sharing, suggesting organizations should mature AI-specific security controls now.

Prompt injection and supply-chain input risks

Demonstrations show that hostile instructions hidden in emails, documents, or websites processed by AI agents can trigger unauthorized actions such as data exfiltration or harmful tool invocation. Even with published mitigations, successful bypasses persist, indicating that model-only controls are insufficient without strict agent permissioning, input isolation, and output filtering.

Enterprise mitigations for agentic systems

• Scope agent capabilities with least privilege; require human-in-the-loop approvals for sensitive tools or data stores.
• Sandbox and sanitize third-party inputs; strip or neutralize instruction-like patterns before model ingestion.
• Apply data loss prevention to model outputs and tool calls; log and review agent actions and prompts.
• Maintain model and prompt inventories, and conduct red-teaming focused on injection, data leakage, and SSRF via tools.

Copilot 365 considerations

Researchers disclosed Copilot 365 pathways where prompt injection could influence model outputs tied to organizational data. Vendor updates reportedly mitigated key issues, but residual risk remains tied to tenant data exposure, permission sprawl, and app consent. Organizations should enforce least privilege in Microsoft 365, restrict third-party app access, and monitor Copilot interactions with high-value repositories.

Anticipating AI security governance

With federal strategies emphasizing cybersecurity assessments for AI and enhanced information sharing, enterprises should prepare for documentation of model lineage, datasets, red-team results, and bill-of-materials artifacts. Expect procurement to require attestations on model safety testing, incident reporting for AI-related breaches, and controls for non-human identities used by agents.