Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 8 Aug 2025

Jorge Laurel · ·3 min read ·Issue #90


🚨 Zero-days, crypto-stealing extensions, and AI-weaponized attacks—it’s been a week full of cybersecurity “achievements.” Also: Perplexity’s scraping scandal, scammy snail mail, and AI that might be a little too curious. Full roundup below!


Malware & Vulnerabilities

From zero-days in security appliances to flaws in Exchange, Axis, and IP cameras—this week was a buffet of critical bugs waiting to be exploited.

  • 🛡️ SonicWall probing potential zero-day in SSL VPN after 20+ targeted attacks (Published on 8/4/2025, The Hacker News). Read More

  • 🔐 SonicWall urges disabling SSLVPN over suspected Gen 7 firewall exploit (Published on 8/5/2025, BleepingComputer). Read More

  • 📹 Bitdefender urges patching Dahua cameras due to two critical vulnerabilities (Published on 8/4/2025, Hackread). Read More

  • 🧰 Microsoft warns of high-severity flaw in hybrid Exchange deployments (Published on 8/7/2025, BleepingComputer). Read More

  • 📷 6,500 Axis servers expose remote access flaws; 4,000 in U.S. vulnerable (Published on 8/7/2025, The Hacker News). Read More

Major Cyberattacks & Incidents

Ransomware groups and data extortionists continue to wreak havoc—attacking Google, breaching CRM platforms, and draining crypto wallets at scale.

  • 🧨 Royal and BlackSuit ransomware gangs breached over 450 U.S. companies before takedown (Published on 8/8/2025, BleepingComputer). Read More

  • 🕵️ Google suffers data breach via Salesforce CRM data theft attacks by ShinyHunters (Published on 8/6/2025, BleepingComputer). Read More

  • 🦊 Malicious GreedyBear campaign hits Firefox with 150+ crypto-draining extensions (Published on 8/7/2025, BleepingComputer). Read More

  • 💰 GreedyBear steals $1M via fake Firefox wallet extensions like MetaMask and TronLink (Published on 8/8/2025, The Hacker News). Read More

Phishing & Social Engineering

From QR scams by snail mail to Microsoft 365 misuse, attackers are inventing ever sneakier ways to breach your inbox and wallet.

  • ✉️ FBI warns of scam packages with malicious QR codes arriving via postal mail (Published on 8/5/2025, Malwarebytes). Read More

  • 💼 Phishers abuse Microsoft 365 “Direct Send” to spoof internal users undetected (Published on 8/6/2025, Dark Reading). Read More

AI & Policy

From ethical AI crawling debates to cloud safety and privacy flaws in Apple’s AI—this week was a reminder that AI governance is anything but settled.

  • 🧠 Perplexity AI defended after Cloudflare flags it for scraping blocked sites (Published on 8/5/2025, TechCrunch). Read More

  • ☁️ AI agents boosting cloud productivity—but exposing new vulnerabilities (Published on 8/7/2025, InformationWeek). Read More

  • 🔍 Research reveals privacy gaps in Apple Intelligence’s data handling practices (Published on 8/8/2025, CyberScoop). Read More

  • 🧑‍💻 Threat actors increasingly use GenAI to automate cyber attacks and impersonation (Published on 8/4/2025, Dark Reading). Read More

Law Enforcement & Takedowns

One massive takedown shows that even scam call centers can’t hide forever—especially when they target 6.8 million WhatsApp users.

  • 🧹 WhatsApp shuts down 6.8M accounts linked to scam centers in Cambodia (Published on 8/6/2025, SecurityWeek). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!