August 29 2025 Cybersecurity News: Why the TransUnion Breach and FEMA Shakeup Actually Matter

August was already a brutal month for security teams, but the updates hitting the wire on August 29 2025 really hammered home how messy things have gotten. Between a massive data breach at TransUnion and a literal house-cleaning at FEMA, it’s clear that the "old way" of doing security is basically dead.

If you’ve been following the headlines, you know that the "summer of breaches" didn't exactly cool down with the weather. Honestly, it feels like every major SaaS platform is under a microscope right now. We aren't just talking about a few stolen passwords; we're talking about systemic failures in how companies manage their third-party connections.

What really happened with the TransUnion breach?

By the time we hit August 29, the full scale of the TransUnion disaster started to settle in. It’s a big one. We are looking at roughly 4.4 million people whose data was exposed.

Now, here’s the kicker: this wasn’t some complex, "Ocean’s Eleven" style heist on their main servers. Instead, it was an exploitation of their Salesforce environment. Hackers didn't kick down the front door; they found a side window left unlocked by a third-party application.

The stolen data included:

  • Full names and Social Security numbers.
  • Dates of birth.
  • Driver’s license numbers.
  • Financial account details (credit and debit cards).

It's sorta terrifying because TransUnion is supposed to be the gatekeeper of our financial identities. When a credit bureau leaks your SSN, you've got a long-term problem. This incident has put a massive spotlight on how "OAuth tokens"—the little digital keys that let different apps talk to each other—are becoming the favorite tool for groups like ShinyHunters and UNC6395.

The FEMA shakeup: Accountability hits the fan

While the private sector was reeling from data theft, the federal government was dealing with its own drama. On August 29 2025, Homeland Security Secretary Kristi Noem dropped a bombshell by firing two dozen members of the FEMA IT department.

This wasn't just a "minor disagreement" over policy. The investigation uncovered that FEMA leadership had basically ignored basic security for years. Think about that: the agency responsible for national emergencies didn't even have Multi-Factor Authentication (MFA) fully implemented across the board.

"FEMA's career IT leadership failed on every level... they avoided scheduled inspections and lied to officials about the scope and scale of the cyber vulnerabilities." — Secretary Kristi Noem.

The fallout included the termination of the CIO and CISO. It’s a rare moment where "entrenched bureaucrats" (as the DHS statement put it) actually faced consequences for poor cyber hygiene. It turns out FEMA spent nearly $500 million in 2025 on IT and still managed to leave the door wide open for threat actors.

AI is now writing its own ransomware

If you think the current threats are bad, the August 29 2025 reports about GPT-OSS:20B should give you pause. Researchers and threat hunters confirmed the first documented case of ransomware fully authored by an open-source AI model.

Usually, hackers use AI to write better phishing emails. This is different. This AI actually crafted the encryption logic and the delivery mechanism. It's basically a "force multiplier" for bad actors who might not have the coding skills to build a sophisticated locker from scratch.

Basically, the barrier to entry for becoming a ransomware kingpin just hit the floor.

CISA's warning on Chinese state actors

In the middle of all this, CISA (the Cybersecurity and Infrastructure Security Agency) issued a massive advisory regarding Chinese state-sponsored activity. This wasn't just a generic "be careful" warning. They specifically called out a campaign known as Salt Typhoon.

These actors aren't looking for credit cards. They are targeting the "backbone" of the internet—the massive routers that handle telecommunications traffic for entire regions. By compromising these edge devices, they can stay hidden for years, quietly siphoning off data from government agencies and critical infrastructure.

CISA added a new vulnerability to its "Must Patch" list (the KEV Catalog) on August 29: CVE-2025-57819. This is an authentication bypass in Sangoma FreePBX phone systems. If you're running that hardware and haven't patched it, you're effectively inviting people to listen to your corporate calls.

Breaking down the August 2025 breach list

It wasn't just TransUnion. The cybersecurity news on August 29 2025 confirmed that this was a record-breaking month for data exposure. Over 17.3 million records were leaked globally throughout the month.

Here is a quick look at who else got hit:

  1. Bouygues Telecom: A ransomware attack exposed 6.4 million records, including IBAN bank details.
  2. Air France–KLM: Hackers hit a customer support system, snagging loyalty program data and passenger names.
  3. Workday: Like TransUnion, they were swept up in a campaign targeting Salesforce integrations.
  4. Nevada IT Systems: The state had to close offices for two days because their internal systems were crippled by a cyberattack.
  5. Miljödata: This Swedish IT supplier for 200 municipalities was hit, disrupting HR and personnel services for a huge chunk of the country.

Why "Patch Tuesday" wasn't enough this time

Earlier in the month, Microsoft patched 107 vulnerabilities, including 13 rated as "Critical." But by August 29, it was clear that the speed of exploitation is outpacing the speed of patching.

A particularly nasty bug, CVE-2025-50165, allows hackers to hide malicious code inside a JPEG image. You open a document with a "poisoned" picture, and suddenly they have remote code execution (RCE) on your machine. No "click here to download" required. Just viewing the file is enough.

How to actually protect yourself now

Look, the "expert" advice used to be "just change your password." That's not enough anymore. If the August 29 2025 news proves anything, it's that your data is often stolen from a company you trust, not from your own phone.

Stop relying on SMS for 2FA. If a company offers an authenticator app or a hardware key (like a YubiKey), use it. SMS can be intercepted or "sim-swapped" too easily.

Audit your app permissions. Go into your Google, Salesforce, or Microsoft accounts and look at "Third-party apps with account access." If you haven't used an app in six months, revoke its access. That's exactly how the TransUnion and Workday breaches happened—old, forgotten connections being exploited.

Freeze your credit. If you're one of the 4.4 million in the TransUnion breach (or the millions of others hit this month), freezing your credit at all three bureaus (Equifax, Experian, and TransUnion) is the only way to stop someone from opening a loan in your name. It's free and takes ten minutes.

Update your devices tonight. Those "JPEG vulnerabilities" and SharePoint zero-days are being actively used by state actors right now. Don't wait for the weekend.

Actionable Next Steps

  1. Check HaveIBeenPwned: Enter your email to see if your data from the August breaches has already hit the dark web.
  2. Verify your MFA: Ensure your most sensitive accounts (banking, primary email) are NOT using SMS-based authentication.
  3. Review SaaS Integrations: If you run a business, have your IT team perform a "Token Audit" to see which third-party apps have "Write" or "Admin" access to your CRM.
  4. Monitor Credit Reports: Since TransUnion was the victim this time, don't rely on their internal monitoring. Use a third-party service to watch for new accounts.
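
One way to run the "Token Audit" from step 3 and the six-month rule from the app-permissions advice above, as an added example that is not from the original article or from any vendor. The inventory format, column names and sample rows are constructed for illustration; a real audit would start from whatever export your CRM or identity provider produces.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are hypothetical, not a vendor schema.
SAMPLE_EXPORT = """app_name,granted_to,scopes,last_used
Legacy Mail Sync,svc-marketing,read write,2024-11-02
Chat Connector,svc-support,read write admin,2025-08-20
Report Viewer,analyst-7,read,2025-08-25
Old Data Loader,svc-migration,admin,2025-01-15
Never Used Plugin,intern-3,read,
"""

STALE_AFTER = timedelta(days=180)      # the article's "six months" rule
RISKY_SCOPES = {"write", "admin"}      # the article's "Write" or "Admin" access


def audit_grants(export_text, today):
    """Return (app_name, granted_to, action, reasons) for every flagged grant."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        scopes = set(row["scopes"].lower().split())
        risky = sorted(scopes & RISKY_SCOPES)
        last_used = row["last_used"].strip()
        # A grant with no recorded use is treated as stale, not as fresh.
        stale = not last_used or today - date.fromisoformat(last_used) > STALE_AFTER
        reasons = []
        if stale:
            reasons.append("unused for 180+ days" if last_used else "never used")
        if risky:
            reasons.append("scopes: " + ",".join(risky))
        if not reasons:
            continue
        # Stale grants are revoked outright; active but powerful ones get a human review.
        action = "revoke" if stale else "review"
        findings.append((row["app_name"], row["granted_to"], action, reasons))
    # Revocations first, and within them the grants with the most reasons.
    findings.sort(key=lambda f: (f[2] != "revoke", -len(f[3]), f[0]))
    return findings


if __name__ == "__main__":
    for app, owner, action, reasons in audit_grants(SAMPLE_EXPORT, date(2025, 8, 29)):
        print(f"{action.upper():7} {app} ({owner}): {'; '.join(reasons)}")
```

Active integrations that hold write or admin scopes land in the "review" bucket rather than being revoked automatically, since they may still be in legitimate use.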

The landscape of cybersecurity news on August 29 2025 is a loud wake-up call. We're moving into an era where AI-generated malware and "supply chain" attacks are the norm. It’s no longer about if you'll be affected, but how quickly you can lock down your digital life when it happens.