Microsoft mitigated largest DDoS attack at 15.7 Tbps

Microsoft said on November 17, 2025 that its Azure DDoS Protection successfully mitigated the largest cloud DDoS attack ever recorded, peaking at 15.72 Tbps (terabits per second) and 3.64 billion pps (packets per second). The attack consisted of extremely high-rate UDP floods targeting a single public IP address, launched from over 500,000 source IPs across various regions. The sudden UDP bursts showed minimal source spoofing and used random source ports.

The attack originated from the Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that frequently causes record-breaking DDoS attacks by exploiting compromised home routers and cameras/DVRs, mainly in residential ISPs in the United States and other countries.
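As an added illustration (not from Microsoft's write-up), the following Python sketch shows how the signals described above, a very high packet rate toward one destination, a large number of distinct source IPs, and random-looking source ports, can be scored from flow records. The flow tuples, thresholds and function names are constructed for this example.

```python
from collections import defaultdict

# Constructed sample flow records (not real telemetry). Field order:
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, packets)
SAMPLE_FLOWS = [
    (0.0, "203.0.113.10", 51000, "198.51.100.5", 443, "TCP", 12),   # normal web traffic
    (0.1, "203.0.113.11", 51001, "198.51.100.5", 443, "TCP", 8),
    (0.3, "203.0.113.12", 40000, "198.51.100.53", 53, "UDP", 2),   # ordinary DNS query
] + [
    # UDP burst toward one public IP: 400 distinct sources, each using a
    # different (pseudo-random) source port and sending 500 packets
    (0.2 + i * 0.001, f"10.{i // 256}.{i % 256}.7", 1024 + (i * 7919) % 64512,
     "198.51.100.5", 80, "UDP", 500)
    for i in range(400)
]


def profile_flows(flows, window_s=1.0):
    """Aggregate flows per (time window, destination IP, protocol)."""
    buckets = defaultdict(lambda: {"packets": 0, "flows": 0, "srcs": set(), "sports": set()})
    for ts, sip, sport, dip, _dport, proto, pkts in flows:
        b = buckets[(int(ts // window_s), dip, proto)]
        b["packets"] += pkts
        b["flows"] += 1
        b["srcs"].add(sip)
        b["sports"].add(sport)
    return {
        key: {
            "pps": b["packets"] / window_s,                 # packet rate in the window
            "sources": len(b["srcs"]),                      # distinct source IPs
            "port_spread": len(b["sports"]) / b["flows"],   # 1.0 = every flow used a new source port
        }
        for key, b in buckets.items()
    }


def flag_udp_floods(flows, pps_threshold=100_000, min_sources=100, min_port_spread=0.9, window_s=1.0):
    """Return one alert per window/destination whose UDP profile looks like a volumetric flood."""
    alerts = []
    for (win, dip, proto), p in profile_flows(flows, window_s).items():
        if proto != "UDP":
            continue
        if p["pps"] >= pps_threshold and p["sources"] >= min_sources and p["port_spread"] >= min_port_spread:
            alerts.append({"window": win, "dst_ip": dip, **p})
    return alerts


if __name__ == "__main__":
    for a in flag_udp_floods(SAMPLE_FLOWS):
        print(f"window {a['window']}: {a['dst_ip']} at {a['pps']:.0f} pps from {a['sources']} sources")
```

The thresholds are placeholders; in production they would be derived from each destination's normal baseline rather than fixed values.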

Read more about it here.

Canada’s Cyber Centre warns of hacktivists targeting critical infrastructure

The Canadian Centre for Cyber Security warned on October 29, 2025 that hacktivists have repeatedly breached critical infrastructure systems in the country.

“One incident affected a water facility, tampering with water pressure values and resulting in degraded service for its community. Another involved a Canadian oil and gas company, where an Automated Tank Gauge (ATG) was manipulated, triggering false alarms. A third one involved a grain drying silo on a Canadian farm, where temperature and humidity levels were manipulated, resulting in potentially unsafe conditions if not caught on time,” says the alert posted by the Canadian Centre for Cyber Security.

The Cyber Centre advised organizations to maintain an up-to-date inventory of internet-accessible Industrial Control Systems (ICS) devices, replace direct internet exposure with VPN access protected by two-factor authentication, and apply the Cyber Centre’s Readiness Goals to strengthen their cyber defenses.

Read more about it here.

F5 data breach leaves over 261,000 instances exposed to remote attacks

More than 261,000 F5 BIG-IP instances connected to the internet could be at risk of cyberattacks following the recent cyberattack suffered by the company, experts have warned. Of these, over 140,000 instances are in North America, over 58,000 are in Europe, and over 47,000 are in Asia.

“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from certain F5 systems”, reads the company’s statement. “Threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platforms. These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.”

The company has taken several steps to remediate the issue:

  • Rotated credentials and strengthened access controls across its systems.
  • Deployed improved inventory and patch management automation, as well as additional tooling to better monitor, detect, and respond to threats.
  • Implemented enhancements to F5’s network security architecture.
  • Hardened F5’s product development environment, including strengthening security controls and monitoring of all software development platforms.
  • Released updates for its BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Read more about it here.

ENISA publishes Threat Landscape Report 2025

The European Union Agency for Cybersecurity, ENISA, has published its 13th annual report on the state of the cybersecurity threat landscape. The report covers the period of July 1, 2024 to June 30, 2025 and is based on 4,875 incidents.

The main points in the report are:

  • Intrusion activity remains significant, with ransomware at its core.
  • State-aligned threat groups intensified their long-term cyberespionage campaigns against the telecommunications, logistics networks and manufacturing sectors in the EU.
  • Hacktivist activity continues to dominate reporting, representing almost 80% of recorded incidents and driven primarily by low-level distributed denial-of-service operations.
  • Public administration networks remain the primary focus (38%).
  • Phishing remains the dominant intrusion vector (60%) and is evolving through techniques used in large-scale campaigns.
  • Vulnerability exploitation remains a cornerstone of initial access (21.3%), with widespread campaigns rapidly weaponizing newly disclosed flaws within days of their disclosure.
  • Artificial intelligence has become a defining element of the threat landscape: AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide, with adversaries leveraging jailbroken models, synthetic media and model poisoning techniques to enhance their operational effectiveness.

Read more about it here.

Jaguar Land Rover gets £1.5 billion loan guarantee by the UK government

The UK government is providing Jaguar Land Rover (JLR) with a £1.5 billion ($1.75 billion) loan guarantee to support its supply chain, following a massive data breach that was disclosed on September 2, 2025.

The UK government explained that the decision is intended to protect JLR’s supply chain, safeguard jobs, and stabilize the auto sector after the cyberattack severely disrupted operations. Production was halted for over 5 weeks.

The UK government highlighted JLR’s key role as a top exporter, employing 34,000 directly in its UK operations and supporting 120,000 jobs through its large automotive supply chain.

The UK government also committed £2 billion in capital and R&D funding for the auto sector to 2030, and an additional £500 million to extend R&D support for the industry to 2035.

The loan from a commercial bank will be paid back over 5 years.

For manufacturing leaders, there is one simple, crucial lesson to take away from the JLR cyber attack: security is a strategic imperative, not a nice-to-have.

Read more about it here.

Gucci, Balenciaga and Alexander McQueen hit by data breach and ransomware

Luxury giants Gucci, Balenciaga, and Alexander McQueen have suffered a data breach that leaked the personal information of millions of customers.

Paris, France-based company Kering, which owns the luxury brands, disclosed that an attacker breached its systems and accessed limited customer data in June 2025.

Notorious hacking group ShinyHunters has taken responsibility for the data breach, claiming they obtained 7.4 million unique email addresses.

According to databreaches.net, the cybercrime group stole 43 million Gucci data records, and 13 million records from Balenciaga, Brioni, and Alexander McQueen.

The data breach exposed customer names, phone numbers, email addresses, physical addresses, dates of birth, and the total amount each customer spent at Kering-owned stores worldwide. Customer financial information, such as bank account numbers and credit card details, was not leaked.

Still, revealing how much each customer has spent makes them attractive targets for tailored phishing attacks.

Read more about it here.

UK train operator LNER discloses data breach, warns customers

UK train operator LNER (London North Eastern Railway) reported a data breach through a third-party supplier, compromising customer contact details and other personal information.

LNER is a British train operator running passenger services on the East Coast Main Line, connecting London with major cities such as Leeds, York and Edinburgh. It operates high-speed and long-distance routes, providing intercity rail transport across northern and eastern England and Scotland.

In a September 10, 2025 statement, LNER said: “We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.”

“No bank, payment card or password information has been affected”, said LNER.

Ticket sales and train operations were not impacted.

LNER didn’t provide further technical details about the attack.

Read more about it here.

Google data breach exposes 2.5 billion users to new scam risks

More than 2.5 billion Gmail users are at risk following a massive cyberattack that compromised a Google database managed through Salesforce’s cloud platform. Google disclosed that a cybercriminal group known as ShinyHunters hacked a database of its accounts through the cloud-based software provider Salesforce.

The attack, which began in June 2025, used social engineering tactics. According to Google’s Threat Intelligence Group (GTIG), scammers impersonated IT staff using phone calls and persuaded a Google employee to approve a malicious application connected to Salesforce. This gave attackers the ability to exfiltrate contact details, business names, and related notes.

Google has confirmed that no user passwords were stolen, but the stolen data is already being abused.

What can you do?

  • Update your password to a long, complex password
  • Use two-factor authentication on applications that offer it
  • Remain vigilant and wary of phishing emails

Read more about it here.

Top 5 GenAI Tools are Vulnerable to Man-in-the-Prompt Attack

A new type of threat is alarming the world of cybersecurity. It is called Man-in-the-Prompt, and it is capable of compromising interactions with leading generative Artificial Intelligence tools such as ChatGPT, Gemini, Copilot, Claude, and DeepSeek. The challenge? It doesn’t even require a sophisticated attack: all it takes is a browser extension that doesn’t even need any special privileges.

LayerX’s research shows that any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks.

The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini.

This exploit stems from the way most GenAI tools are implemented – in the browser. When users interact with an LLM-based assistant, the prompt input field is typically part of the page’s Document Object Model (DOM). This means that any browser extension with scripting access to the DOM can read from, or write to, the AI prompt directly.

Bad actors can leverage malicious or compromised extensions to perform prompt injection attacks, extract data directly from the prompt, response, or session, or compromise model integrity.

How can you protect yourself?

  • Don’t install extensions from unknown or unreliable sources.
  • Regularly check installed extensions and uninstall those that aren’t needed.
  • Limit extension permissions whenever possible.

Read more about it here.

Meta takes down 6.8M scam WhatsApp accounts

During the first six months of 2025, WhatsApp took down 6.8 million accounts that were “linked to criminal scam centers” targeting people online around the world, said its parent company Meta in an August 5, 2025 statement.

“Some of the most prolific sources of scams are criminal scam centers, often fueled by forced labor and operated by organized crime primarily in Southeast Asia,” the statement says. “Based on our investigative insights into the latest enforcement efforts, we proactively detected and took down accounts before scam centers were able to operationalize them,” it continues.

Recently, WhatsApp, Meta and OpenAI disrupted scam efforts that Meta linked to a criminal scam center in Cambodia. These attempts ranged from offering payments for fake likes to enlisting others into a rent-a-scooter pyramid scheme, or luring people into investing in cryptocurrency.

WhatsApp is rolling out two new anti-scam tools to protect its users. A new safety overview will appear when someone who is not one of your contacts adds you to an unknown group, allowing users to review the group’s details before deciding to stay or leave. Notifications remain silenced until the user chooses to stay. For one-on-one chats, WhatsApp is testing warnings when people not in your contacts initiate a message, offering more context to help users pause and think before engaging. These features counter common scam tactics at scale and keep users safer on the platform.

Read more about it here.