Cybersecurity threats are increasingly driven by AI misuse, sophisticated phishing operations and a fragmenting ransomware ecosystem, highlighting evolving attack techniques and law enforcement efforts. Key incidents include abuse of Claude for AI-assisted cybercrime, OAuth token theft through the Salesloft compromise, targeted supply-chain phishing, and the splintering of ransomware groups after takedowns and code leaks, alongside high-profile breaches such as the Salvation Army incident claimed by Chaos and nation-state activity involving APT29 and Salt Typhoon. #ClaudeAI #SalesloftTheft #APT29 #SaltTyphoon
AI & Automation Abuse
- AI-powered tools are being weaponized to automate complex attacks and lower the barrier to cybercrime: the Claude chatbot was abused to plan and run intrusions, and the compromise of the Salesloft Drift AI agent led to the theft of OAuth tokens and large-scale automated data theft from connected Salesforce instances – Claude Abuse, Salesloft Theft, AI Used
Phishing & Scams
- A targeted campaign against industrial and supply-chain firms abuses the victims' own "Contact Us" web forms to open a conversation, then sends fake NDAs that deliver malicious ZIP archives; the payload runs PowerShell and uses DNS TXT-record queries as a covert command-and-control channel – Phishing Forms
- Weak payment-validation controls let scammers impersonate a city vendor and divert $1.5 million from Baltimore, highlighting gaps in vendor and bank-account verification – Baltimore Fraud
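DNS TXT tunneling of the kind described in the contact-form campaign is hard to block outright, because TXT lookups are legitimate traffic (SPF, DMARC, DKIM), but it leaves a recognisable statistical signature: one client sends many TXT queries to a single registered domain, the subdomains almost never repeat, and each carries a long, high-entropy blob of encoded data. The following detector is an added example written for this page, not code from the original report; the log format, the `beacon-svc.net` domain, the two-label approximation of a registered domain and the thresholds are all assumptions, and the log lines are constructed.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not from the page): "<epoch> <client_ip> <qtype> <qname>".
# 10.0.0.12 issues a stream of TXT queries with random-looking subdomains to one
# registered domain (beacon-svc.net is a hypothetical name); 10.0.0.31 makes ordinary
# DMARC-style TXT lookups that must not be flagged.
SAMPLE_DNS_LOG = """\
1756400001 10.0.0.12 A www.example.com
1756400002 10.0.0.12 TXT 9f3a1c7e2b.d41d8cd98f00b204.beacon-svc.net
1756400003 10.0.0.12 TXT 7c0d2e9a44.e9800998ecf8427e.beacon-svc.net
1756400004 10.0.0.12 TXT b1a9f0e3d2.5eb63bbbe01eeed0.beacon-svc.net
1756400005 10.0.0.12 TXT 0e4c8a7d11.9e107d9d372bb682.beacon-svc.net
1756400006 10.0.0.12 TXT 33d8e0f1ab.a8f5f167f44f4964.beacon-svc.net
1756400007 10.0.0.12 TXT 5a6b7c8d9e.c4ca4238a0b92382.beacon-svc.net
1756400008 10.0.0.31 TXT _dmarc.example.com
1756400009 10.0.0.31 TXT example.com
1756400010 10.0.0.31 A mail.example.com
"""


def parse_dns_log(text):
    """Parse the simple log format above into (ts, client, qtype, qname) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, qtype, qname = parts
        records.append((int(ts), client, qtype.upper(), qname.rstrip(".").lower()))
    return records


def split_name(qname):
    """Split a query name into (subdomain, registered_domain).

    Assumption: the registered domain is the last two labels. A real deployment
    should use the Public Suffix List so that names like example.co.uk are handled.
    """
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_txt_tunnels(records, min_queries=5, min_unique_ratio=0.8,
                     min_mean_len=20, min_mean_entropy=3.0):
    """Flag (client, domain) pairs whose TXT traffic looks like encoded C2 exchanges.

    A tunnel encodes outbound data in the subdomain of each TXT query and receives
    commands in the TXT answer, so the queries are numerous, almost never repeat,
    and carry long, high-entropy labels. The thresholds are tuning assumptions.
    """
    groups = defaultdict(list)
    for _ts, client, qtype, qname in records:
        if qtype != "TXT":
            continue
        sub, domain = split_name(qname)
        groups[(client, domain)].append(sub)

    findings = []
    for (client, domain), subs in sorted(groups.items()):
        if len(subs) < min_queries:
            continue
        unique_ratio = len(set(subs)) / len(subs)
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if (unique_ratio >= min_unique_ratio and mean_len >= min_mean_len
                and mean_entropy >= min_mean_entropy):
            findings.append({
                "client": client,
                "domain": domain,
                "txt_queries": len(subs),
                "unique_ratio": round(unique_ratio, 2),
                "mean_subdomain_len": round(mean_len, 1),
                "mean_entropy": round(mean_entropy, 2),
            })
    return findings


if __name__ == "__main__":
    for finding in find_txt_tunnels(parse_dns_log(SAMPLE_DNS_LOG)):
        print(finding)
```

On the constructed log only the `10.0.0.12` to `beacon-svc.net` pair is flagged; the DMARC lookups fall under the query-count threshold and their labels are short and low-entropy. In production, run this per resolver log window, allowlist mail gateways and security products that legitimately generate bulk TXT lookups, and treat a hit as a lead to pivot on (the PowerShell parent process, the ZIP that dropped it) rather than as a verdict.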
Ransomware & Fraud
- The ransomware landscape is fragmenting: takedowns and leaked source code are spawning many smaller groups and rebrands, which complicates attribution and law enforcement while fuelling rapid proliferation – Ransomware Flux
- The Salvation Army disclosed a May breach that may have exposed Social Security numbers and is linked to claims by the Chaos ransomware group; affected individuals are being offered credit monitoring – Salvation Breach
Vulnerabilities & Exploits
- WhatsApp patched a critical zero-click vulnerability (CVE-2025-55177) in its iOS and macOS clients that was exploited in targeted attacks, chained with a separate Apple zero-day (CVE-2025-43300) – WhatsApp Patch
- Researchers disclosed a Sitecore exploit chain that combines cache poisoning with remote code execution and worked against deployments that were fully patched at the time of discovery; administrators are urged to apply the vendor's fixes immediately – Sitecore Exploit
- Adversaries are abusing legitimate tooling, including the Velociraptor DFIR agent and remote-access platforms, to deploy VS Code and use its tunnel feature as a covert C2 channel for credential theft and ransomware operations, underscoring living-off-the-land tactics – Velociraptor Abuse
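Because both Velociraptor and VS Code are signed, legitimate binaries, the useful detection signal for the abuse above is behavioural: VS Code being started with its `tunnel` subcommand, and the Velociraptor agent (which should only run collections) spawning shells or unfamiliar binaries. The rules below are an added example written for this page, not code from the original report or from the Velociraptor or VS Code projects; the process names, the Velociraptor `service run` command line, the file paths and the events themselves are constructed assumptions, and attackers can rename either binary, so pair these rules with hash- or signer-based checks.

```python
import ntpath

# Process basenames the rules key on. These are assumptions: Velociraptor and the
# VS Code CLI can be renamed, so combine with file hash / Authenticode signer checks.
VSCODE_IMAGES = frozenset({"code.exe", "code"})
VELOCIRAPTOR_IMAGES = frozenset({"velociraptor.exe", "velociraptor"})

# Constructed process-creation events (not from the page or the reporting it cites).
# 4120: a developer opening VS Code normally. 5200: the Velociraptor service starting.
# 5310: Velociraptor spawning a hidden PowerShell that unpacks a VS Code CLI archive.
# 5322: Velociraptor launching that CLI with the "tunnel" subcommand.
SAMPLE_PROCESS_EVENTS = [
    {"pid": 4120,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": r'"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" C:\src\app'},
    {"pid": 5200,
     "parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Program Files\Velociraptor\velociraptor.exe",
     "cmdline": r'"C:\Program Files\Velociraptor\velociraptor.exe" service run'},
    {"pid": 5310,
     "parent_image": r"C:\Program Files\Velociraptor\velociraptor.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -nop -w hidden -c "Expand-Archive C:\ProgramData\vscode_cli.zip -DestinationPath C:\ProgramData\vsc"'},
    {"pid": 5322,
     "parent_image": r"C:\Program Files\Velociraptor\velociraptor.exe",
     "image": r"C:\ProgramData\vsc\code.exe",
     "cmdline": r"C:\ProgramData\vsc\code.exe tunnel --accept-server-license-terms --name svc-node"},
]


def basename(path):
    """Case-insensitive Windows basename, so rules match regardless of install path."""
    return ntpath.basename(path).lower()


def cmdline_tokens(cmdline):
    # Whitespace splitting is enough to spot the "tunnel" subcommand; full Windows
    # argument parsing is not needed for this rule.
    return [t.strip('"') for t in cmdline.split()]


def detect_vscode_tunnel_abuse(events, allowed_velociraptor_children=frozenset()):
    """Return one finding per event that matches at least one rule.

    vscode_tunnel_start: a VS Code binary launched with the ``tunnel`` subcommand.
        Developers do use this legitimately, so treat a hit as a lead, not a verdict.
    velociraptor_unexpected_child: the Velociraptor agent spawned a process outside
        the allowlist (empty by default; extend it with whatever your own collection
        artifacts legitimately execute).
    """
    findings = []
    for ev in events:
        image = basename(ev["image"])
        parent = basename(ev["parent_image"])
        tokens = cmdline_tokens(ev["cmdline"])
        rules = []
        if image in VSCODE_IMAGES and "tunnel" in tokens[1:]:
            rules.append("vscode_tunnel_start")
        if parent in VELOCIRAPTOR_IMAGES and image not in allowed_velociraptor_children:
            rules.append("velociraptor_unexpected_child")
        if rules:
            findings.append({"pid": ev["pid"], "image": image,
                             "parent": parent, "rules": rules})
    return findings


if __name__ == "__main__":
    for finding in detect_vscode_tunnel_abuse(SAMPLE_PROCESS_EVENTS):
        print(finding)
```

On the constructed events, the normal VS Code launch and the Velociraptor service start pass, the hidden PowerShell child is flagged by the parent rule, and the `code.exe tunnel` launch trips both rules. The same idea ports directly to a Sysmon Event ID 1 or EDR process query. On the network side, VS Code tunnels are brokered through Microsoft's dev-tunnel service, so outbound connections from non-developer hosts to that service (check the current domain list against Microsoft's documentation; it is not quoted here) are a second, independent signal.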
Nation-state Activity
- Amazon disrupted an opportunistic watering-hole campaign attributed to Russia-linked APT29 that used compromised websites and social engineering to steer visitors into a Microsoft device-code authorization flow and capture their credentials – APT29 Watering
- China-linked Salt Typhoon compromised smaller Dutch ISPs and hosting providers, gaining access to edge routers but not internal networks, raising European concerns about state-backed espionage and network resilience – Salt Typhoon
- Broader reporting also covered the hacking of Iranian ships and continued espionage activity, reinforcing the need for maritime and national resilience – Iranian Ships
Patches & Fixes
- Microsoft released the optional, non-security preview update KB5064081 for Windows 11 24H2, which includes new feature tests and a fix for inaccurate Task Manager CPU metrics, ahead of the next Patch Tuesday rollout – Windows Update
- Microsoft also fixed a CertificateServicesClient (CertEnroll) bug that produced false enrollment errors tied to a feature still in development; a wider rollout is expected in the coming weeks – CertEnroll Fix
Takedowns & Disruptions
- US and Dutch law enforcement seized the infrastructure of VerifTools, a major fake-ID marketplace estimated to have generated more than $6 million in illicit sales, disrupting the trade in fraudulent identity documents – VerifTools Takedown
- Private- and public-sector disruptions, such as Amazon's interference with APT29 and the wider takedown actions, deliver short-term gains but also feed the ransomware fragmentation noted above – APT29 Watering, Ransomware Flux