This week's developments centre on cloud and third-party breaches: OAuth tokens stolen from Salesloft Drift integrations exposed Salesforce and Google Workspace data in a supply-chain style attack, and a separate TransUnion breach affected roughly 4.4 million people. Ransomware actors such as Storm-0501 are shifting to cloud-focused data theft, and critical vulnerabilities prompted urgent patches across multiple platforms. #SalesloftOAuth #Storm0501 #BigSleep #FreePBXZeroDay #ShadowSilk
Cloud & Third-party Breaches
- A widespread theft of OAuth tokens issued to Salesloft Drift integrations exposed sensitive Salesforce and Google Workspace data; because a stolen OAuth token is honoured until it is revoked and is not challenged by MFA, affected tenants need to find and revoke the grants, not just rotate passwords. The campaign is being treated as a supply-chain attack and coincides with a TransUnion breach affecting roughly 4.4 million customers' personal data – Salesloft OAuth, Salesloft Drift, TransUnion Breach
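A practitioner reading the Salesloft item wants a way to turn a tenant's OAuth grant inventory into a revoke list. The following is an added example, not code from the digest, from Salesloft or from Google. It assumes the Google Workspace side: an inventory built by calling the Admin SDK Directory API `tokens.list` for each user and tagging every row with that user's address as `userKey` (the `clientId`, `displayText`, `scopes` and `anonymous` fields are the ones that API returns; the rows below are constructed, and the compromised client ID is a placeholder, not a real one). The scope URLs are Google's real scopes; the labels attached to them, the client IDs and the user names are ours. Nothing is revoked by this script; it only produces the `(userKey, clientId)` pairs you would pass to `tokens.delete`.

```python
"""Triage a Google Workspace OAuth grant inventory after a third-party
integration compromise.

Added example, not from the digest. Assumes rows shaped like the Admin SDK
Directory API tokens.list response plus a userKey; all sample data is constructed.
"""
from dataclasses import dataclass

# Scopes that grant read or write access to mail, files or directory data.
# The scope URLs are Google's; the short labels are an assumption of this example.
SENSITIVE_SCOPES = {
    "https://mail.google.com/": "gmail-full",
    "https://www.googleapis.com/auth/gmail.readonly": "gmail-read",
    "https://www.googleapis.com/auth/gmail.modify": "gmail-write",
    "https://www.googleapis.com/auth/drive": "drive-full",
    "https://www.googleapis.com/auth/drive.readonly": "drive-read",
    "https://www.googleapis.com/auth/admin.directory.user": "directory-admin",
}


@dataclass(frozen=True)
class Finding:
    user: str
    client_id: str
    app: str
    action: str   # "revoke", "review" or "ok"
    reason: str


def triage_tokens(tokens, compromised_clients):
    """Classify every grant in the inventory.

    tokens: iterable of dicts with userKey, clientId, displayText, scopes, anonymous.
    compromised_clients: set of client IDs known to belong to the breached integration.
    A grant to a compromised client is revoked whatever its scopes; other grants
    holding sensitive scopes are flagged for review, with unverified apps
    (anonymous=True, i.e. not registered with Google) called out explicitly.
    """
    findings = []
    for t in tokens:
        sensitive = sorted(SENSITIVE_SCOPES[s] for s in t.get("scopes", [])
                           if s in SENSITIVE_SCOPES)
        if t["clientId"] in compromised_clients:
            action, reason = "revoke", "grant to a compromised integration"
        elif sensitive and t.get("anonymous", False):
            action, reason = "review", "unverified app holds " + ", ".join(sensitive)
        elif sensitive:
            action, reason = "review", "holds " + ", ".join(sensitive)
        else:
            action, reason = "ok", "no sensitive scopes"
        findings.append(Finding(t["userKey"], t["clientId"],
                                t.get("displayText", ""), action, reason))
    return findings


def revoke_plan(findings):
    """(userKey, clientId) pairs to hand to tokens.delete; nothing is called here."""
    return [(f.user, f.client_id) for f in findings if f.action == "revoke"]


# Constructed sample inventory; client IDs and users are placeholders.
SAMPLE_TOKENS = [
    {"userKey": "alice@example.com",
     "clientId": "123456789012.apps.googleusercontent.com",
     "displayText": "Example Sales Integration",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/calendar"],
     "anonymous": False},
    {"userKey": "bob@example.com",
     "clientId": "123456789012.apps.googleusercontent.com",
     "displayText": "Example Sales Integration",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
     "anonymous": False},
    {"userKey": "carol@example.com",
     "clientId": "999999999999.apps.googleusercontent.com",
     "displayText": "Unverified Notes App",
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "anonymous": True},
    {"userKey": "dave@example.com",
     "clientId": "555555555555.apps.googleusercontent.com",
     "displayText": "Calendar Widget",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "anonymous": False},
]
COMPROMISED_CLIENTS = {"123456789012.apps.googleusercontent.com"}  # placeholder

if __name__ == "__main__":
    results = triage_tokens(SAMPLE_TOKENS, COMPROMISED_CLIENTS)
    for f in results:
        print(f"{f.action:6} {f.user:18} {f.app:26} {f.reason}")
    print("revoke:", revoke_plan(results))
```

Run it against a real export by replacing `SAMPLE_TOKENS` with the collected rows and `COMPROMISED_CLIENTS` with the client ID(s) named in the vendor's notification. Revoking the token is only the first step: also check the audit log for what the grant was used to read before revocation, since a revoke does nothing about data already exfiltrated. The Salesforce side would be handled the same way from a query over the tenant's connected-app token records rather than the Workspace API.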
Ransomware & State Incidents
- Ransomware gangs are shifting to cloud-focused attacks: Microsoft links the actor Storm-0501 to large-scale cloud data theft followed by destructive deletion of backups, so that the victim's recovery path is gone before the extortion demand arrives. In a separate incident, an attack caused multi-day disruptions across Nevada state services, including the DMV and health agencies, with CISA assisting the response – Cloud Ransomware, Nevada Attack
Vulnerabilities & Patches
- Multiple critical flaws received urgent fixes this week: Google patched a use-after-free in ANGLE that was found by its AI vulnerability-discovery tool Big Sleep, FreePBX shipped an emergency patch for an actively exploited zero-day, Passwordstate received a fix for an authentication bypass, and researchers warned of a VS Code Marketplace flaw that could let an attacker hijack an extension and push malicious updates to its installed base (a supply-chain risk, since extensions update automatically) – Big Sleep, FreePBX Zero-Day, Passwordstate Patch, VS Code Flaw
Malware & AI-enabled Attacks
- Research uncovered a diverse set of campaigns: the TamperedChef trojan spreads via fake PDF editors to steal credentials and browser cookies, the new Android banker SikkahBot targets students in Bangladesh, the espionage group ShadowSilk continues its strikes on Central Asian governments, and separate studies show that AI systems (e.g. Claude, and the ScamAgent research prototype) can be abused to build ransomware and to run voice-scam operations at scale – TamperedChef, SikkahBot, ShadowSilk, ScamAgent AI, Claude Abuse
Law, Sanctions & Takedowns
- International enforcement actions continue: authorities dismantled the VerifTools fake‑ID marketplace and seized servers/domains, German prosecutors charged a suspect over the Rosneft Deutschland cyberattack, and the U.S. sanctioned networks tied to North Korean overseas IT worker schemes used for illicit cyber operations – VerifTools Seized, Rosneft Charges, DPRK Sanctions
Regulation & Governance
- India’s regulator SEBI clarified the scope of its CSCRF, emphasizing that the framework covers systems used for SEBI‑regulated activities and promotes zero‑trust, disaster recovery, and standardized cyber resilience benchmarks – SEBI CSCRF
Security Guidance & Product News
- Operational security updates and guidance: Microsoft will enforce MFA for all Azure resource-management operations starting in October and will enable cloud autosave by default in Word, while security teams are urged to gain network visibility of generative AI traffic leaving their environment, keep third-party backups of SaaS data (a tenant's own backups are of little use if the vendor is the one that is compromised), and maintain code-to-cloud mapping so that a vulnerable dependency can be traced to the workloads that run it – Azure MFA, Word Autosave, AI Visibility, SaaS Backups, Code-to-Cloud