A record-breaking 7.3 Tbps distributed denial-of-service (DDoS) attack was autonomously mitigated by Cloudflare in May 2025. The attack, which lasted 45 seconds and delivered 37.4 terabytes of data, targeted an unnamed hosting provider.

Cybersecurity researchers have identified a new Rust-based information stealer named Myth Stealer, distributed via fraudulent gaming websites and cracked software. The malware targets Chromium and Gecko-based browsers.

A new variant of the Chaos RAT, an open-source remote access trojan written in Golang and inspired by frameworks like Cobalt Strike and Sliver, is actively targeting both Windows and Linux systems.

Google has released an emergency out-of-band update to patch a high-severity zero-day vulnerability (CVE-2025-5419) in its Chrome browser. The flaw, which affects the V8 JavaScript and WebAssembly engine, has been actively exploited in the wild.

On May 27, 2025, a coordinated international law enforcement operation led by the DoJ, in collaboration with Dutch and Finnish authorities, resulted in the seizure of three publicly disclosed domains—AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru.

A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host.

Researchers observed a coordinated cloud-based scanning operation involving 251 Amazon-hosted IP addresses geolocated in Japan. They targeted 75 known exposure points across various technologies, exploiting multiple high-severity vulnerabilities.

A newly identified phishing campaign is targeting mobile users by injecting malicious JavaScript into websites to redirect them to adult-content Progressive Web Apps (PWAs).

Security researchers have uncovered critical risks in default IAM roles across AWS services like SageMaker, Glue, and EMR. These roles, often auto-created during setup, are granted AmazonS3FullAccess.

A threat actor known as UnsolicitedBooker has been observed targeting a Saudi Arabian organization over a span of three years using a newly identified backdoor named MarsSnake.