The attack was aimed at a European network infrastructure company and it has been linked to the Aisuru botnet.
The post Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps appeared first on SecurityWeek.
SonicWall Updates SMA 100 Appliances to Remove Overstep Malware
The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign.
The post SonicWall Updates SMA 100 Appliances to Remove Overstep Malware appeared first on SecurityWeek.
Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers
Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments.
The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on SecurityWeek.
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack
JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
The post Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack appeared first on SecurityWeek.
A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York
More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.
The post A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York appeared first on SecurityWeek.
Boyd Gaming discloses data breach after suffering a cyberattack
US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. […]
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are
Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack
Binarly researchers have found a way to bypass a patch for a previously disclosed vulnerability.
The post Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack appeared first on SecurityWeek.