Fintech firm Marquis is seeking compensation from SonicWall after a breach at the firewall provider exposed critical data, enabling hackers to steal customer information during a ransomware attack. Marquis confirmed that it stored a backup of its firewall configuration in SonicWall's cloud, linking the two incidents. SonicWall has requested evidence to support Marquis' claims.

A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can quickly escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.

Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.