Attack Blog 2025
| 7.12.25 | Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets | Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025. | Attack blog | CLOUDFLARE |
| 6.12.25 | | This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. | | |
| 6.12.25 | | In November 2025, security researchers at Cato Networks disclosed a novel indirect prompt injection technique they named ‘HashJack’. This attack method exploits the URL fragment to embed malicious instructions that may be executed by AI browser assistants. Because the URL fragment is processed only on the client-side and is not sent to the web server, this attack bypasses traditional network and server-side security controls like Web Application Firewalls (WAFs), Intrusion Prevention Systems (IPS), and server logs. | | |
| 29.11.25 | Analysis of a Large-Scale DDoS Attack Against a Payment Processing Platform | On Saturday, September 13, 2025, a major Distributed Denial-of-Service (DDoS) attack targeted a European payment processing platform, prompting response and mitigation efforts by the F5 Security Operations Center (SOC). | Attack blog | F5 LABS |
| 29.11.25 | Fallacy Failure Attack | Welcome to our AI Security Insights for November 2025. These insights are drawn from F5 Labs’ Comprehensive AI Security Index (CASI) and Agentic Resistance Scoring (ARS), which together provide rigorous, empirical measurement of model security and agentic attack resilience. | Attack blog | F5 LABS |
| 13.9.25 | SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites | FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware. | Attack blog | FORTINET |
| 17.8.25 | From ClickFix to Command: A Full PowerShell Attack Chain | A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it. | Attack blog | FORTINET |
| 17.8.25 | BadCam: Now Weaponizing Linux Webcams | Eclypsium researchers have discovered vulnerabilities in USB webcams that allow attackers to turn them into BadUSB attack tools. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system. | Attack blog | Eclypsium |
| 17.8.25 | GPUHammer Vulnerability: The Security Growing Pains of AI Infrastructure | The recent disclosure of GPUHammer vulnerabilities targeting NVIDIA GPU memory represents more than just another security flaw—it’s a clear signal that AI infrastructure faces fundamental security challenges that demand immediate attention. | Attack blog | Eclypsium |
| 28.6.25 | CrowdStrike Researchers Investigate the Threat of Patchless AMSI Bypass Attacks | Adversaries have employed various tactics to bypass Windows’ AMSI security feature, but such attacks are noisy, meaning they can be detected by monitoring security products | Attack blog | CROWDSTRIKE BLOG |
| 20.6.25 | Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack | In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). | Attack blog | blog.cloudflare |
| 14.6.25 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. | Attack blog | VOLEXITY |
| 10.5.24 | Multilayered Email Attack: How a PDF Invoice and Geo-Fencing Led to RAT Malware | FortiGuard Labs highlights a malware campaign's increasing sophistication of attack methodologies, leveraging the legitimate functionalities of remote administration tools for malicious purposes. | Attack blog | FORTINET |
| 19.4.25 | The Top Firmware and Hardware Attack Vectors | As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. | Attack blog | Eclypsium |
| 19.4.25 | The Expanding Attack Surface: Ways That Attackers Compromise Trusted Business Communications | The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. | Attack blog | PROOFPOINT |
| 19.4.25 | Attacks on the education sector are surging: How can cyber-defenders respond? | Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk? | Attack blog | |
| 12.4.25 | Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI | Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. | Attack blog | Microsoft blog |