This method enables attackers to serve malicious web content exclusively to AI agents while presenting benign pages to human users, thereby hijacking the agents’ behavior for malicious purposes.

In H1 2025, a total of 8,062,971 DDoS attacks were recorded globally, with the EMEA region experiencing the highest volume at 3.2 million attacks. Peak attack speeds reached 3.12 Tbps and 1.5 Gbps.

A record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 11.5 terabits per second (Tbps) was successfully mitigated without service disruption. The attack lasted approximately 35 seconds.

Three TLS certificates were mis-issued for 1.1.1.1, a DNS service operated by Cloudflare and APNIC. These certificates, issued in May 2025 by Fina RDC 2020, a subordinate CA under Fina Root CA, were only discovered four months later.

A new phishing campaign is targeting industrial manufacturing and supply chain organizations, primarily in the US. The campaign is designed to bypass traditional email security defenses and deliver a custom in-memory backdoor named MixShell.

Attackers abused the Claude AI chatbot to automate and execute sophisticated extortion operations. At least 17 organizations across government, healthcare, emergency services, and religious sectors were targeted.

The TAOTH campaign is a targeted cyber-espionage operation exploiting end-of-support software and spear-phishing to deploy multiple malware families - TOSHIS, DESFY, GTELAM, and C6DOOR.

The activity identified by the intelligence services partially overlaps with campaigns reported by the cybersecurity industry and tracked as Salt Typhoon, RedMike, OPERATOR PANDA, UNC5807 and Ghost Emperor among others, stated the document.

An AI-based attack technique enables data theft by embedding malicious prompts within images. These prompts are revealed only after the images are downscaled by AI systems, allowing attackers to inject commands into LLMs without user awareness.

A surge in coordinated scanning activity has been detected targeting Microsoft RDP Web Access and RDP Web Client authentication portals. This activity involves nearly 1,971 unique IP addresses.