Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

ShadowV2: New MaaS botnet for DDoS attacks uses containers

Amid growing criminal activity, Darktrace has uncovered a new campaign using the ShadowV2 botnet. Researchers detected malicious activity on June 24, 2025, when their honeypots were activated. This system relies on a Trojan horse written in Go that turns compromised Amazon Web Services cloud containers into fully-fledged nodes for DDoS attacks. ShadowV2 is unique in that it exploits vulnerable Docker instances running on AWS EC2 virtual machines. The first step in the infection is the deployment of a helper container based on an Ubuntu image, which automatically installs the necessary tools. Next, a separate container is created with a pre-compiled ELF

GitHub strengthens npm security against supply chain attacks.

GitHub has announced major changes to its npm authentication and publishing system, aimed at strengthening protection against supply chain attacks. The updates were prompted by the recent Shai-Hulud campaign, a malicious, self-propagating worm embedded in hundreds of npm libraries. Not only did it replicate itself in other packages, but it also scanned developers’ devices for sensitive data, including keys and tokens, and transmitted it to attackers. In response to the incident, GitHub announced that it would soon eliminate legacy permission mechanisms and introduce stricter controls. Key changes include mandatory two-factor authentication for local publishing and the move to short-lived tokens with a

Towards AGI: Google DeepMind warns, AI could ignore humans

Google DeepMind researchers have released an updated version of their AI risk assessment framework, Frontier Safety Framework 3.0. This paper examines how generative models can run amok and pose a threat. It considers scenarios in which the AI ignores users’ attempts to stop it. DeepMind’s approach is based on so-called “Critical Capability Levels” (CCLs). This is a scale for assessing the point at which a model’s behavior becomes dangerous, for example in cybersecurity or biotechnology. The document describes the steps developers should take when their systems reach a certain level of risk. The researchers cite the model’s potential for

RAN Hacking: US Intelligence Uncovers Clandestine Cellular Network in New York

U.S. intelligence agencies have reported discovering and seizing a network of telecommunications equipment in the New York area capable of disrupting mobile phone service. The devices were located near the United Nations General Assembly, which was attended this week by dozens of world leaders. According to the agency, the network included more than 100,000 SIM cards and approximately 300 servers. The equipment allowed the sending of anonymous encrypted messages and could interfere with emergency services. According to one official, the system was capable of sending up to 30 million text messages per minute and the Secret Service had never

Chrome for Android: From a “wall of text” to a podcast is a short step.

Google has added a new AI-powered feature to Chrome for Android for reading web pages. Instead of reading the entire text aloud, the browser can summarize the material in a “podcast” format: two synthesized speakers discuss key points, turning a long article into a short, lively audio. Early users noticed the new feature in the stable build of Chrome 140.0.7339.124, so it looks like the feature is gradually rolling out to a wider audience. You can enable voiceover the same way: open a page, click the three dots in the upper right corner, and select “Listen to this page.” A new

Developers safe: Mozilla introduces Firefox extension rollback feature.

Mozilla has introduced a new feature for Firefox add-on developers that allows them to quickly revert to a previously approved version and fix critical issues in situations where fixing and revalidating the extension would take too long. The new logic allows users to make a recent update unavailable for installation, and if automatic updates are enabled, the browser will automatically roll back the extension to the previous build within 24 hours for users who have already installed the affected version. Rollbacks are performed by republishing the old build with a new release number and distributing it via the Developer Hub or the

$50 Deepfakes: The New Darknet Business Concerns Cybersecurity

Kaspersky Lab researchers have discovered advertisements on the darknet offering the ability to create video and audio deepfakes in real time. The price of this service depends on the complexity and length of the fake content, starting at $50 for videos and $30 for voice deepfakes. Researchers had previously discovered offers for creating deepfakes on the darknet. However, attackers are now offering the ability to generate fake voice and visual content in real time, and the cost of such services has decreased: in 2023 alone, the cost of creating a single minute of deepfake video reached $20,000. “On darknet platforms, we’re

ClickFix: The Scam That Tricks Mac Users into Installing the AMOS Trojan

Cybercriminals have launched a large-scale campaign against macOS users, disguising malware as popular programs. LastPass reported this, having discovered that its product had also been spoofed. The malware is being distributed via fake GitHub repositories optimized for search engines, allowing it to appear at the top of Google and Bing search results. The attack uses the ClickFix scheme: the victim is asked to enter a command into the terminal, supposedly to install an application. In reality, the victim executes a curl request to an encrypted URL and downloads the install.sh script to the /tmp directory. This file installs the Atomic

EDR-Freeze Arrives! It Puts Windows into a Deep Coma Without Vulnerable Drivers

A Zero Salarium specialist has presented a method that temporarily disables antivirus processes and EDR agents on Windows using built-in system tools. The article details the concept and operational tool, EDR-Freeze, a way to specifically kill monitoring processes without installing additional vulnerable drivers, based on the behavior of native operating system components and race conditions between processes. The trick is that MiniDumpWriteDump forcibly suspends all threads of the target process while taking a snapshot, and the associated process that triggered the dump is responsible for resuming it. The research demonstrates how to force WerFaultSecure to run with protected process privileges

The DDoS King is here! 40 seconds at 22.2 terabits mitigated by Cloudflare

Cloudflare has announced that it autonomously mitigated an unprecedented Distributed Denial-of-Service (DDoS) attack, the largest ever seen. The hypervolumetric attack reached an unprecedented peak of 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting an alarming new benchmark for the scale of cyber threats. This attack signals a significant escalation in the capabilities of malicious actors and the botnets they control. The previous record was an 11.5 terabit per second UDP flood attack; that attack lasted 35 seconds. The record-breaking attack was notable not only for its size but also for its brevity. The entire event