InfoSec News 20250904

  • Published: Thu, 04/09/2025 - 16:43

Top News


  • Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps

Cloudflare has successfully mitigated the largest distributed denial-of-service (DDoS) attack recorded to date. The attack peaked at 11.5 terabits per second and lasted roughly 35 seconds before being neutralised without disrupting services.

Link

TLP1 : Green

  • Tire giant Bridgestone confirms cyberattack impacts manufacturing

Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. The company believes that its rapid response contained the attack at its early stages, preventing customer data theft or deep network infiltration.

Link

TLP1 : Green

  • Google Fined $379 Million by French Regulator for Cookie Consent Violations

The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with the regulation. Reuters reported that the retailer plans to appeal the decision.

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • DDoS attacks serve as instruments of political influence and disruption

In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps.

Link

TLP1 : Green

  • Scattered Spider-Linked Group Claims JLR Cyber-Attack

Jaguar Land Rover (JLR) is investigating claims by a hacker syndicate linked to the Scattered Spider group that they are responsible for the hack on the car manufacturing giant. The English-speaking cybercrime group is believed to be responsible for the cyber-attacks on UK retailers Marks & Spencer (M&S), The Co-op and Harrods earlier this year.

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • SaaS giant Workiva discloses data breach after Salesforce attack

Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data.

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • South Carolina school district notifies 31,000 people of data breach that leaked SSNs and financial info

School District 5 of Lexington and Richland Counties in South Carolina this week confirmed it notified 31,475 people of a June 2025 data breach.

Link

TLP1 : Green

  • Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.”

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Uncovering a Colombian Malware Campaign with AI Code Analysis

VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system.

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

People in Internet security circles are sounding the alarm over the issuance of three TLS certificates for 1.1.1.1, a widely used DNS service from content delivery network Cloudflare and the Asia Pacific Network Information Centre (APNIC) Internet registry.

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

 

 

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp