A record-breaking Layer 7 (L7) Distributed Denial of Service (DDoS) attack was successfully mitigated after being launched by a massive botnet comprising 5.76 million compromised devices.

A massive 600 GB data leak allegedly tied to the Great Firewall of China has surfaced online, exposing a trove of internal documents, source code, and operational data. The leaked data is attributed to the hacktivist group Enlace Hacktivista.

A China-based advanced persistent threat (APT) group is actively targeting military organizations in the Asia-Pacific region, particularly the Philippines, using a newly discovered fileless malware framework named EggStreme.

The breach was discovered in an unsecured database managed by Hello Gym. The database contained 1,605,345 audio files, including voicemails and phone recordings collected between 2020 and 2025.

The breach affected 327 developers and exposed thousands of secrets, posing a significant risk to software supply chains. Several companies reported that their entire SDK portfolios were tampered with, increasing the risk of downstream compromise.

A record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 11.5 terabits per second (Tbps) was successfully mitigated without service disruption. The attack lasted approximately 35 seconds.

A new malware campaign is leveraging a fake AnyDesk installer and a deceptive ClickFix technique to distribute MetaStealer malware. This campaign uses a novel "FileFix" method to bypass traditional defenses by exploiting Windows File Explorer.

Google has patched a critical vulnerability (CVE-2025-9478) in the Chrome browser. The flaw, a use-after-free issue in the ANGLE graphics library, could allow attackers to execute malicious code via crafted web content.

The breach exposed approximately 2.9 billion records, including highly sensitive personal information such as Social Security numbers (SSNs), names, addresses, phone numbers, and familial relationships.

A targeted spear-phishing campaign is impersonating CoinMarketCap journalists to compromise cryptocurrency executives. The attackers exploit Zoom’s remote control feature to gain access to victims' systems.