AI Generates Exploits in Minutes; Ransomware Attacks Surge by 49%

Key Takeaways

  • AI can now generate software exploit code in under 15 minutes, report reveals.
  • Ransomware attacks surged 49% this year, with over 200 groups active, NordStellar reports.
  • Facebook malvertising campaign spreads Brokewell spyware to Android users via fake TradingView ads.
  • Cybercriminals are misusing Claude AI for extortion, fraud, and ransomware attacks: Anthropic.
  • US sanctions Russian, Chinese entities for aiding North Korean IT workers in revenue generation.

Top Stories

AI generates exploits for software vulnerabilities in under 15 minutes.

On August 29, 2025, a report revealed that AI-powered systems can generate exploits for software vulnerabilities in under 15 minutes. Researchers used a system, dubbed Auto Exploit, leveraging large language models to create exploits for 14 different open-source software vulnerabilities.

Ransomware attacks increase by 49% this year.

Ransomware attacks have increased by 49% this year, with over 200 ransomware groups, 60 of which are active, operating like organized crime, according to NordStellar. Critical infrastructure is the top target, with the U.S. being the most frequently assailed region.

Facebook malvertising campaign spreads Brokewell spyware to Android users.

On August 29, 2025, Bitdefender Labs discovered a Facebook malvertising campaign spreading Brokewell spyware to Android users via fake TradingView ads. The malware steals cryptocurrencies, bypasses two-factor authentication, and accesses sensitive data.

Cybercriminals misuse Claude AI for extortion, fraud, and ransomware.

Anthropic's report reveals cybercriminals are misusing Claude AI for cyberattacks, including ransomware and data theft. Hackers are using Claude AI to automate reconnaissance, harvest credentials, and generate ransom notes, affecting at least 17 organizations.

US sanctions Russian and Chinese entities for aiding North Korean IT workers.

The U.S. Treasury Department sanctioned a Russian national and a Chinese firm for assisting North Korean IT workers using fake identities, AI, and malware. These workers were used to funnel millions back to Pyongyang, generating revenue for weapons programs.

Analysis Desk

VirusTotal launches new API endpoint for Code Insight.

On August 29, 2025, VirusTotal launched a new API endpoint for its Code Insight suite, designed to help malware analysts. The endpoint accepts disassembled or decompiled code snippets and returns summaries and detailed descriptions, integrating with tools like IDA Pro.

InfoSec Insights

Recorded Future report shows rise in CVEs, Microsoft and edge devices targeted.

Recorded Future's H1 2025 report shows a 16% rise in disclosed CVEs, with Microsoft and edge devices as primary targets. State-sponsored actors drove over half of the exploitation, and the report also highlights growth in legacy and mobile malware and new ransomware tactics.

Generative AI presents new data leak prevention challenges.

Generative AI platforms like ChatGPT present new data leak prevention challenges, as sensitive information may be shared through chat prompts or file uploads. Solutions like Fidelis Network Detection and Response introduce network-based data loss prevention to monitor and control GenAI use.

Microsoft Azure Well-Architected Framework.

The Microsoft Azure Well-Architected Framework provides guidelines for implementing strict, conditional, and auditable identity and access management (IAM) across all workload users, team members, and system components. The framework emphasizes using modern industry standards for authentication and authorization.

Microsoft tutorial on Model Context Protocol (MCP).

On August 29, 2025, Microsoft released a tutorial detailing how to securely implement the Model Context Protocol (MCP) using local servers and Azure. The implementation uses Azure OpenAI with APIM Gateway, routing all AI requests through Azure API Management with Microsoft Entra ID authentication.

Tech Updates

WhatsApp patches zero-day, iOS and macOS updates released.

In late August 2025, WhatsApp patched a zero-day vulnerability (CVE-2025-55177) exploited in a cyberespionage campaign targeting WhatsApp and iPhones. Apple released iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1 to fix vulnerabilities, including CVE-2025-43300.

Hikvision discloses vulnerabilities in HikCentral products.

Hikvision disclosed three security vulnerabilities (CVE-2025-39245, CVE-2025-39246, CVE-2025-39247) affecting HikCentral products, allowing unauthorized command execution and administrative access. The most severe vulnerability has a CVSS score of 8.6 and affects HikCentral Professional versions V2.3.1 through V2.6.2.

SUSE releases security updates for Mozilla Firefox.

On August 28, 2025, SUSE released security updates for Mozilla Firefox on SLES12 to address multiple vulnerabilities, including sandbox escapes and memory safety bugs. The updates affect Firefox Extended Support Release 140.2.0 ESR and other versions.

SUSE releases security updates for git and other packages.

On August 29, 2025, SUSE released security updates for SLED15, SLES15, and openSUSE 15 to address multiple vulnerabilities in git, git-lfs, obs-scm-bridge, and python-PyYAML. The git vulnerabilities addressed include arbitrary file creation and code execution.

SUSE releases security update for udisks2.

SUSE released a security update on August 29, 2025, to fix a vulnerability (CVE-2025-8067) in udisks2 that could lead to an out-of-bounds read. The update affects SUSE Linux SLES12, SLED15, SLED_SAP15, SLES15, SLES_SAP15, and openSUSE 15.

SUSE releases security update for netty.

SUSE released a security update for netty on August 29, 2025, to fix a vulnerability (CVE-2025-55163) that could allow a 'MadeYouReset' DoS attack against the HTTP/2 protocol. The update is available for SUSE Linux SLES15.

SUSE releases security update for python-future.

SUSE released a security update on August 29, 2025, for SLES12 to address vulnerability CVE-2025-50817 in the python-future package, which allows arbitrary code execution. Remediation requires updating the affected python-future package.

Security flaw discovered in O2OA.

On August 29, 2025, a security flaw, CVE-2025-9646, was discovered in O2OA up to 10.0-410. The vulnerability results in cross-site scripting and has a CVSS v4.0 score of 5.1.

Microsoft changes to NTLMv1 in Windows 11 and Server 2025.

Microsoft announced upcoming changes to NTLMv1 in Windows 11, version 24H2 and Windows Server 2025, focusing on auditing and blocking NTLMv1-derived cryptography. Auditing logs for NTLMv1 usage will be enabled in September 2025, with enforcement starting in October 2026.

Microsoft to enforce MFA for Azure resource management.

Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions starting in October 2025 to protect against unauthorized access. This change is part of the Secure Future Initiative (SFI) and will be applied gradually worldwide.

Debian releases security update for libxml2.

Debian has released a security update for libxml2 that prevents a heap use-after-free caused by a vulnerability (CVE-2025-7425) in libxslt that corrupts internal memory management. Affected packages have been updated for oldstable (bookworm) and stable (trixie) distributions.

Vulnerability in appneta tcpreplay.

On August 29, 2025, VulDB reported a security vulnerability, CVE-2025-9649, in appneta tcpreplay 4.5.1, involving a divide-by-zero error. The CVSS 4.0 score is 4.8.

Threat Landscape

Malware campaigns use fake PDF editor apps.

Reports emerged of malware campaigns targeting users seeking software like PDF editors, spreading through websites mimicking legitimate download portals. These malicious applications exhibit malware behavior post-installation, turning systems into proxies for malicious actors.

Malicious NPM packages steal Chrome user data on Windows.

JFrog researchers found 8 malicious NPM packages using 70 layers of obfuscation to steal Chrome user data on Windows. These packages were designed to steal personal data, including passwords, credit card information, and cryptocurrency funds.

APT-37, a North Korean group, targets South Korea.

APT-37, a North Korean state-sponsored cyber espionage group, is targeting South Korea using weaponized PDFs and LNK files. The group aims to steal sensitive information and conduct long-term espionage, with targets including individuals associated with the National Intelligence Research Association.

Cephalus ransomware group targets organizations via compromised RDP.

The Cephalus ransomware group, which emerged around June 2025, targets organizations via compromised Remote Desktop Protocol (RDP) connections, exploiting accounts without multi-factor authentication (MFA). Attackers use the MEGA cloud storage platform for data exfiltration before deploying the ransomware payload.

Amazon disrupts APT29 watering hole campaign.

Amazon disrupted an opportunistic watering hole campaign by Russia-linked APT29 actors. The campaign used compromised websites to redirect visitors to malicious infrastructure, tricking users into authorizing attacker-controlled devices through Microsoft's device code authentication flow.

China-linked Salt Typhoon targets Dutch internet providers.

China-linked espionage actor Salt Typhoon is targeting smaller internet and hosting service providers in the Netherlands. The Dutch intelligence service reported that Salt Typhoon had access to routers belonging to Dutch targets but did not penetrate further into their internal networks.
