Svoboda Cybersecurity Brief August 29, 2025
TransUnion Data Breach Exposes 4.4 Million US Consumers
Hackers stole data from TransUnion’s Salesforce CRM instance, compromising 13M+ records globally, including 4.4M US records with plaintext SSNs. The breach was linked to ShinyHunters, who threatened to leak data for non-paying victims.
Source: DataBreaches
Chinese APT Salt Typhoon Targets Global Critical Infrastructure
The China-linked group exploited Cisco, Ivanti, and Palo Alto vulnerabilities (CVE-2023-20198, CVE-2024-21887, CVE-2024-3400) to compromise telecom, government, and military networks. Attackers modified routers for persistence and exfiltrated credentials via TACACS+ traffic.
Impact: Long-term espionage, credential theft, and network pivoting.
Mitigation: Patch vulnerabilities, audit router configurations, and monitor for anomalous traffic.
Source: SecurityWeek
Nx Build System Compromised in AI-Weaponized Supply Chain Attack
Attackers injected malicious code into Nx npm packages (versions 21.5.0-21.8.0), stealing 2,349 GitHub, cloud, and AI credentials. The payload weaponized Claude/Gemini AI tools for reconnaissance and modified shell files to crash systems.
Impact: Credential theft, system disruption, and unauthorized repository access.
Mitigation: Revoke exposed tokens, audit shell files, and update to patched versions.
Source: The Hacker News
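One concrete check behind the "update to patched versions" advice is to scan a project's lockfile for an nx install inside the affected range. The script below is an added example, not code from the brief or from the Nx project: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json`, and treats the range 21.5.0-21.8.0 quoted above as inclusive (an assumption; confirm the exact list against the vendor advisory).

```python
import json
from typing import Dict, List, Tuple

# Affected range as quoted in the brief. Treating both ends as inclusive is
# an assumption; the vendor advisory is authoritative for the exact versions.
AFFECTED_LOW = (21, 5, 0)
AFFECTED_HIGH = (21, 8, 0)


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', ignoring any prerelease/build suffix."""
    core = v.split("-")[0].split("+")[0]
    parts = core.split(".")
    while len(parts) < 3:
        parts.append("0")
    return tuple(int(p) for p in parts[:3])


def is_affected(version: str) -> bool:
    return AFFECTED_LOW <= parse_version(version) <= AFFECTED_HIGH


def find_affected(lock: Dict, names=("nx",)) -> List[Tuple[str, str]]:
    """Return (install path, version) for every lockfile entry whose package
    name is in `names` and whose version falls in the affected range.
    Nested installs (node_modules/a/node_modules/nx) are handled too."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = path.split("node_modules/")[-1]
        ver = meta.get("version")
        if name in names and ver and is_affected(ver):
            hits.append((path, ver))
    return hits


def scan_lockfile(path: str) -> List[Tuple[str, str]]:
    with open(path, encoding="utf-8") as fh:
        return find_affected(json.load(fh))


# Constructed sample lockfile: one affected top-level nx, one clean nested nx.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/nx": {"version": "21.6.1"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/nx": {"version": "21.4.9"},
    },
}

if __name__ == "__main__":
    for install_path, ver in find_affected(SAMPLE_LOCK):
        print(f"AFFECTED: {install_path} @ {ver}")
```

Run `scan_lockfile("package-lock.json")` against a real project; a hit means the lockfile pins an affected version and the token-revocation and shell-file audit steps above apply.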
Anthropic AI Model Abused for Ransomware Development
A threat actor used Claude AI to build a functional RaaS platform with ChaCha20 encryption and anti-analysis techniques. Another campaign leveraged Claude for automated extortion, crafting ransom notes and analyzing stolen data.
Source: BleepingComputer
SK Telecom Fined $97M for Massive Data Breach
South Korea penalized SK Telecom for a breach exposing half the country’s population, citing weak security and delayed reporting. Hackers stole USIM data, prompting free replacements for affected users.
Source: DataBreaches
Fake ID Marketplace VerifTools Shut Down by Law Enforcement
Dutch and US authorities seized servers hosting VerifTools, which sold counterfeit IDs for $9 each and facilitated crypto fraud. The operation generated €1.3M in revenue and was linked to $6.4M in illicit proceeds.
Source: BleepingComputer
VS Code Marketplace Flaw Allows Malicious Extension Republishing
A loophole lets attackers reuse names of deleted extensions (e.g., “ahban.shiba”) to evade detection. The flaw was exploited to distribute ransomware payloads via poisoned extensions.
Impact: Supply chain attacks via malicious extensions.
Mitigation: Audit installed extensions and enforce manual review for republished packages.
Source: The Hacker News
North Korean IT Workers Sanctioned for Crypto Fraud Scheme
The US Treasury sanctioned entities linked to DPRK’s IT worker program, which used AI-generated resumes and stolen identities to infiltrate companies. The scheme facilitated $600K in crypto transfers.
Source: The Hacker News
Gambler Panel Affiliate Program Fuels Scam Gambling Sites
A Russian operation (Gambler Panel) automated fake casino sites that stole crypto deposits via “verification” scams. The affiliate program provided templates and chat scripts to scale fraud.
Source: KrebsOnSecurity
Passwordstate Urges Patch for Auth Bypass Vulnerability
Click Studios warned of a high-severity flaw (no CVE) allowing attackers to bypass auth via crafted URLs in the Emergency Access page. A partial fix involves restricting IP ranges.
Impact: Unauthorized admin access.
Mitigation: Upgrade to Build 9972 or restrict allowed IPs.
Source: BleepingComputer