thehackernews

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

A record-breaking 7.3 Tbps distributed denial-of-service (DDoS) attack was autonomously mitigated by Cloudflare in May 2025. The attack, which lasted 45 seconds and delivered 37.4 terabytes of data, targeted an unnamed hosting provider.

Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

Cybersecurity researchers have identified a new Rust-based information stealer named Myth Stealer, distributed via fraudulent gaming websites and cracked software. The malware targets Chromium and Gecko-based browsers.

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

A new variant of the Chaos RAT, an open-source remote access trojan written in Golang and inspired by frameworks like Cobalt Strike and Sliver, is actively targeting both Windows and Linux systems.

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Google has released an emergency out-of-band update to patch a high-severity zero-day vulnerability (CVE-2025-5419) in its Chrome browser. The flaw, which affects the V8 JavaScript and WebAssembly engine, has been actively exploited in the wild.

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

On May 27, 2025, a coordinated international law enforcement operation led by the DoJ, in collaboration with Dutch and Finnish authorities, resulted in the seizure of three publicly disclosed domains—AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru.

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host.

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Researchers observed a coordinated cloud-based scanning operation involving 251 Amazon-hosted IP addresses geolocated in Japan. They targeted 75 known exposure points across various technologies, exploiting multiple high-severity vulnerabilities.

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

A newly identified phishing campaign is targeting mobile users by injecting malicious JavaScript into websites to redirect them to adult-content Progressive Web Apps (PWAs).

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Security researchers have uncovered critical risks in default IAM roles across AWS services like SageMaker, Glue, and EMR. These roles, often auto-created during setup, are granted AmazonS3FullAccess.

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

A threat actor known as UnsolicitedBooker has been observed targeting a Saudi Arabian organization over a span of three years using a newly identified backdoor named MarsSnake.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags