DDoS
-
Palo Alto fixes GlobalProtect DoS flaw tracked as CVE-2026-0227
Palo Alto issued updates for a high-severity GlobalProtect denial-of-service flaw CVE-2026-0227 with CVSS 7.7 on Jan 15, 2026. A proof-of-concept exists and no workarounds are available.
-
La Poste hit by major network incident, digital services disrupted
La Poste said a “major network incident” knocked its information systems offline, disrupting websites and mobile banking for millions while core banking and in-person services remained available; French outlets reported the outage was caused by a DDoS attack.
-
Denmark blames Russia for destructive cyberattack on water utility, names hacker groups
Denmark’s Defence Intelligence Service accused Russia of directing cyberattacks against Danish critical infrastructure, naming Z-Pentest and NoName057(16), and said the activity formed part of a Russian hybrid campaign that has used elections to attract attention.
-
Critical Sneeit WordPress plugin RCE actively exploited, security firm reports
A critical remote code execution flaw (CVE-2025-6389) in the Sneeit Framework WordPress plugin is being exploited in the wild; Wordfence said attackers have created admin accounts and uploaded web shells. The issue affects versions up to 8.3 and was fixed in 8.4. Separately, VulnCheck observed an ICTBroadcast exploit delivering a DDoS botnet called “frost.”
-
Cloudflare mitigates 29.7 Tbps DDoS attack linked to AISURU botnet
Cloudflare said it mitigated a 29.7 Tbps DDoS attack linked to the AISURU botnet; the UDP “carpet-bombing” assault lasted 69 seconds, the target was not disclosed, and the company flagged a rise in large, sophisticated attacks in 2025.
-
Self‑replicating botnet abuses Ray clusters to mine cryptocurrency, steal data and launch DDoS attacks
Researchers say a campaign called ShadowRay 2.0 has been exploiting internet‑facing Ray clusters using CVE‑2023‑48022 and Ray’s orchestration features to spread a self‑replicating botnet that mines cryptocurrency, steals proprietary data and launches DDoS attacks, with attackers targeting large GPU environments and using automated discovery and multi‑stage payloads.
-
Microsoft: Aisuru botnet launched 15.72 Tbps DDoS attack against Azure
Microsoft said the Aisuru botnet launched a 15.72 Tbps UDP flood against a public Azure IP in Australia from over 500,000 IPs, reaching nearly 3.64 billion packets per second; researchers and firms including Qi’anxin and Cloudflare have linked Aisuru to multiple large-scale DDoS campaigns that exploit vulnerable IoT devices and routers.
-
Hezi Rash hacktivist group tied to hundreds of DDoS attacks, Check Point reports
Hezi Rash, a Kurdish nationalist hacktivist group founded in 2023, has been linked by Check Point to about 350 DDoS attacks between August and October 2025 targeting sites in Japan, Turkey, Israel, Iran, Iraq and Germany; analysts say the campaigns are ideologically driven and focus on disruption.
-
Trend Micro: RondoDox botnet campaign expands to exploit more than 50 flaws across 30 vendors
Trend Micro said RondoDox campaigns have widened to exploit more than 50 vulnerabilities across over 30 vendors, using a loader-as-a-service model that bundles RondoDox with Mirai and Morte, and researchers linked the activity to large-scale botnet operations and coordinated RDP attacks.
-
Cloudflare says it blocked largest recorded DDoS attack at 11.5 Tbps
Cloudflare says it blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps and lasting about 35 seconds, with most traffic traced to Google Cloud as the company notes a broader rise in high-volume DDoS campaigns.
