It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formallyRead More »Largest DDoS Attack to Date
Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. “Unlike direct prompt injections, where an attacker directly inputs malicious commands into aRead More »Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks
Iranian hackers are expected to intensify cyberattacks against the US after the recent air strikes on Iran’s nuclear sites. The post US Braces for Cyberattacks After Bombing Iranian Nuclear Sites appeared first on SecurityWeek.
Not every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It’sRead More »⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and More
Nucor has shared an update on the impact of the recent cyberattack and confirmed that some data has been taken from its IT systems. The post Steelmaker Nucor Says Hackers Stole Data in Recent Attack appeared first on SecurityWeek.
In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’sRead More »SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.” That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events. “GivenRead More »Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
Aflac said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals. The post Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data appeared first on SecurityWeek.
This is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of aRead More »Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
