Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. […]
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. […]
Police disrupt “Diskstation” ransomware gang attacking NAS devices
An international law enforcement action dismantled a Romanian ransomware gang known as ‘Diskstation,’ which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses. […]
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.
“Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71
“Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed,” Omer Yoachimik and Jorge Pacheco said. “Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025.
GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,'” EclecticIQ researcher Arda Büyükkaya said. “The same actor controls
GLOBAL GROUP was “promoted on the Ramp4u forum by the threat actor known as ‘$$$,'” EclecticIQ researcher Arda Büyükkaya said. “The same actor controls
Virtual Event Preview: Cloud & Data Security Summit 2025 – Tackling Exposed Attack Surfaces in the Cloud
Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security.
The post Virtual Event Preview: Cloud & Data Security Summit 2025 – Tackling Exposed Attack Surfaces in the Cloud appeared first on SecurityWeek.
Threat Actors Use SVG Smuggling for Browser-Native Redirection
Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages.
The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek.
Android malware Konfety uses malformed APKs to evade detection
A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. […]
DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total
Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks.
The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek.
Data Breach at Debt Settlement Firm Impacts 160,000 People
Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024.
The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek.