ddos | Breaking Cybersecurity News | The Hacker News

What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. ...

Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security , represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain that connects to a nascent Web3 service called Teneo, a decentralized physical infrastructure network (DePIN) that allows users to monetize public social media data by running a Community Node in exchange for rewards called Teneo Points , which can be converted into $TENEO Tokens. The node essentially functions as a distributed social media scraper to extract posts from Facebook, X, Reddit, and TikTok. An analysis of artifacts gathered from Darktrace's honeypots has revealed that the attack starts with a request to launch a container image " kazutod/tene:ten " from the ...

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a specially crafted request. Web infrastructure and security company Akamai said the earliest exploit attempt targeting the flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023. "The exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax devices, and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi," Akamai researchers Kyle Lefton and Larry Cashdollar said . While weaponizing the endpoint requires authentication, it has been found that the exploitation attempts are...

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d . The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries and regions. As of February 25, 2025, India has experienced a notable surge in infection rate, increasing from less than 1% (3,901) to 18.17% (217,771).  "Vo1d has evolved to enhance its stealth, resilience, and anti-detection capabilities," QiAnXin XLab said . "RSA encryption secures network communication, preventing [command-and-control] takeover even if [the Domain Generation Algorithm] domains are registered by researchers. Each payload uses a unique Downloader, with XXTEA encryption and RSA-protected keys, making analysis harder." The malware was first documented by Doctor Web in September 2024 as affecting Androi...

Gcore's latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period's findings emphasize the need for robust, adaptive DDoS mitigation as attacks become more precise and frequent. Let's dive into the numbers. Key takeaways: the future of DDoS defense Here are the four key takeaways from Gcore Radar: DDoS attacks are increasing in volume and sophistication. The 17% growth in total attacks and new peak volume of 2 Tbps highlight the need for advanced protection. Financial services face growing risks. With a 117% increase in attacks, this sector requires heightened security measures. Shorter, high-intensity attacks are now the norm. Traditional mitigation approaches must adapt to rapid burst attacks that can evad...

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor to execute arbitrary commands within the context of the phone. It affects Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, and Mitel 6970 Conference Unit. It was addressed by Mitel in mid-July 2024. A proof-of-concept (PoC) exploit for the flaw became publicly available in August. Outside of CVE-2024-41710, some of the other vulnerabilities targeted by the botnet include CVE-2018-10561, CVE-2018-10562, CVE-2018-17532, CVE-2022-31137, CVE-2023-26801, and a remote code execution flaw targeting Linksys E-series devices.  "Aquabot is a botnet that was built off the Mirai fram...

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated from a Mirai -variant botnet. "The attack lasted only 80 seconds and originated from over 13,000 IoT devices," Cloudflare's Omer Yoachimik and Jorge Pacheco said in a report. That said, the average unique source IP address observed per second was 5,500, with the average contribution of each IP address per second around 1 Gbps. The previous record for the largest volumetric DDoS assault was also reported by Cloudflare in October 2024, which peaked at 3.8 Tbps. Cloudflare also revealed it blocked approximately 21.3 million DDoS attacks in 2024, a 53% increase from 2023, and th...

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh Trivedi said in an analysis. The campaign is known to be active since at least July 2024, with over 1,370 systems infected to date. A majority of the infections have been located in Malaysia, Mexico, Thailand, Indonesia, and Vietnam. Evidence shows that the botnet leverages known security flaws such as CVE-2017-17215 and CVE-2024-7029 to gain initial access to the Internet of Things (IoT) devices and download the next stage payload by means of a shell script. The script, for its part, fetches the botnet malware and executes it depending on the CPU architecture. The end goal of ...

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai malware and were subsequently used as a DDoS attack source to other devices accessible by their network," it said . "The impacted systems were all using default passwords." Mirai , which has had its source code leaked in 2016, has spawned several variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and enlist them into a botnet for mounting distributed denial-of-service (DDoS) attacks. To mitigate such threats, organizations are recommended to change their passwords with i...