Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet…
Tag: Cyber Security News
SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks
SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader…
Spring Framework and Security Vulnerabilities Enables Authorization Bypass and Annotation Detection Flaw
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…
New Phoenix Rowhammer Attack Variant Bypasses Protection With DDR5 Chips
A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM,…
0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities
A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45 instance running the kernelspace SMB3 daemon, ksmbd. By chaining two authenticated N-day flaws, CVE-2023-52440 and CVE-2023-4130, the exploit attains an unauthenticated…
New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials
Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers…
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC) environments. Released as part of CyberSecEval 4, this innovative benchmark addresses critical gaps in cybersecurity…
Massive Supply Chain Attack Hijacks ctrl/tinycolor With 2 Million Downloads and Other 40 NPM Packages
A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular @ctrl/tinycolor package, which is downloaded over 2 million times per week. The attack also affected more than 40 other packages from various maintainers, introducing a…
Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World
A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturing, energy, and semiconductor companies across multiple nations. The group’s activities represent a strategic…
Threat Actors Leverage Several RMM Tools in Phishing Attack to Maintain Remote Access
Cybercriminals are increasingly exploiting legitimate remote monitoring and management (RMM) tools to establish persistent access to compromised systems through sophisticated phishing campaigns. Joint research conducted by Red Canary Intelligence and Zscaler threat hunters has identified multiple malicious campaigns utilizing ITarian…