L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks
In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an…
Category: CyberSecurityNews
New EggStreme Malware With Fileless Capabilities Leverages DLL Sideloading to Execute Payloads
A previously unknown advanced persistent threat (APT) group has unleashed a new fileless malware framework, dubbed EggStreme, in a highly targeted espionage campaign against strategic…
Cornwell Quality Tools Data Breach
Cornwell Quality Tools has disclosed a significant data breach that compromised the sensitive information of nearly 104,000 individuals. The incident involved unauthorized access to the…
ChillyHell macOS Malware Profiles Compromised Machines and Maintain Persistence with 3 Methods
ChillyHell first surfaced on public malware repositories in early May 2025, although its developer-signed notarization dates back to 2021. This modular backdoor has eluded detection…
Malicious Chrome Extension Attacking Users to Steal Meta Login Credentials
A novel malicious Chrome extension has been uncovered targeting digital marketers by masquerading as a productivity tool for Meta ad campaigns. Dubbed “Madgicx Plus,” this…
Hackers Booked Very Little Profit with Widespread npm Supply Chain Attack
A sophisticated npm supply chain attack that surfaced in late August targeted thousands of downstream projects by injecting malicious payloads into popular JavaScript libraries. Initial…
NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an attacker to escalate privileges, execute code,…
Senator Calls for FTC Investigation into Microsoft’s Use of Outdated RC4 Encryption and Kerberoasting Vulnerabilities
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he terms “gross cybersecurity negligence,” accusing the tech…
DDoS Mitigation Provider targeted In 1.5 Gpps 1.5 Billion Packets per Second DDoS Attack
FastNetMon, a prominent provider of DDoS detection solutions, announced this week that it had identified and helped mitigate a record-breaking distributed denial-of-service (DDoS) attack. The…
ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited…
Authorities Arrested Admins Of “LockerGoga,” “MegaCortex,” And “Nefilim” Ransomware Gands
The U.S. District Court for the Eastern District of New York has unsealed a superseding indictment against a Ukrainian national, charging him with his alleged…
New Phishing Attack Mimics Google AppSheet to Steal Login Credentials
A sophisticated phishing campaign has emerged targeting Google Workspace organizations through fraudulent emails impersonating Google’s AppSheet platform. The attack demonstrates how cybercriminals exploit legitimate cloud…