A record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 11.5 terabits per second (Tbps) was successfully mitigated without service disruption. The attack lasted approximately 35 seconds.

A new malware campaign is leveraging a fake AnyDesk installer and a deceptive ClickFix technique to distribute MetaStealer malware. This campaign uses a novel "FileFix" method to bypass traditional defenses by exploiting Windows File Explorer.

Google has patched a critical vulnerability (CVE-2025-9478) in the Chrome browser. The flaw, a use-after-free issue in the ANGLE graphics library, could allow attackers to execute malicious code via crafted web content.

The breach exposed approximately 2.9 billion records, including highly sensitive personal information such as Social Security numbers (SSNs), names, addresses, phone numbers, and familial relationships.

A targeted spear-phishing campaign is impersonating CoinMarketCap journalists to compromise cryptocurrency executives. The attackers exploit Zoom’s remote control feature to gain access to victims' systems.

A fraudulent message claiming that Europol was offering a $50,000 reward for information on the Qilin ransomware group has been confirmed as a scam. The law enforcement agency has clarified that it does not use Telegram for official communications.

The Qilin ransomware group, also known as Agenda, has claimed responsibility for a major data breach at Nissan’s Creative Box Inc. (CBI), a Tokyo-based design subsidiary of Nissan Motor Co., Ltd.

A new report by Citizen Lab titled “Hidden Links” has uncovered that several popular VPN apps, including Turbo VPN, VPN Monster, and Snap VPN, are secretly operated by the same entities and exhibit critical security flaws.

A malicious campaign is distributing the NjRat Remote Access Trojan (RAT) through a fake Minecraft installer disguised as a browser-based clone called Eaglercraft 1.12 Offline.

A significant data breach has occurred at Florida-based data solutions provider IMDataCenter, exposing over 38GB of sensitive personal and client data due to a misconfigured Amazon Web Services (AWS) S3 bucket.