Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Source: https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html

The reported security threat involves hyper-volumetric Distributed Denial of Service (DDoS) attacks reaching unprecedented volumes of 7.3 terabits per second (Tbps). These attacks leverage large-scale botnets to flood targeted networks and services with massive amounts of traffic, overwhelming their capacity to respond and causing service outages or severe degradation. The term 'hyper-volumetric' highlights the extraordinary scale of these attacks, which surpass typical volumetric DDoS events by a significant margin. Such attacks typically exploit weaknesses in network infrastructure, including Internet Service Providers (ISPs), Content Delivery Networks (CDNs), and critical online services, by saturating bandwidth and exhausting resources. The targets mentioned are key global sectors, which often include finance, telecommunications, government, and critical infrastructure, indicating a strategic intent to disrupt essential services. The source of this information is a recent post on Reddit's InfoSecNews subreddit, referencing a report from The Hacker News, a reputable cybersecurity news outlet. While no specific vulnerabilities or exploits are detailed, the threat is characterized by the scale and potential impact of the DDoS attacks rather than a software flaw. The absence of known exploits in the wild suggests this is an emerging trend or a recent escalation in attack magnitude rather than a newly discovered vulnerability. The minimal discussion level and low Reddit score imply limited community engagement so far, but the newsworthiness score and trusted source lend credibility to the report. Overall, this threat represents a significant evolution in DDoS capabilities, posing a serious risk to network availability and operational continuity for organizations worldwide.

Reddit InfoSec News

Detailed information about Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors. Get real-time updates, technical details, and miti

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors - Live Threat Intelligence - Threat Radar | OffSeq.com

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Reddit Discussion: Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Source: https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html

The reported threat involves a newly emerged ransomware-as-a-service (RaaS) group, referred to as GLOBAL GROUP, which is expanding its operations by integrating AI-driven negotiation tools into its attack campaigns. RaaS is a criminal business model where ransomware developers lease their malware infrastructure to affiliates who carry out attacks, sharing profits. The innovation here is the use of artificial intelligence to automate and optimize ransom negotiations with victims, potentially increasing the efficiency and success rate of extortion attempts. This AI-driven approach can analyze victim responses, tailor negotiation tactics, and dynamically adjust ransom demands, making the ransomware campaigns more adaptive and harder to counteract. Although specific technical details about the ransomware variants, infection vectors, or exploited vulnerabilities are not provided, the campaign is classified as high severity due to the operational expansion and sophistication introduced by AI tools. The lack of known exploits in the wild suggests this is an emerging threat, but the integration of AI in negotiation represents a significant evolution in ransomware tactics, potentially leading to higher financial losses and prolonged downtime for victims. The campaign is currently discussed minimally on Reddit and reported by a trusted cybersecurity news source, indicating early awareness but limited public technical intelligence.

Detailed information about Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools. Get real-time updates, technical details, and mi

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools - Live Threat Intelligence - Threat Radar | OffSeq.com

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Reddit Discussion: Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Source: https://www.bleepingcomputer.com/news/security/police-disrupt-diskstation-ransomware-gang-attacking-nas-devices/

The "Diskstation" ransomware gang is a cybercriminal group that targeted Network Attached Storage (NAS) devices, specifically exploiting vulnerabilities or misconfigurations in these devices to deploy ransomware. NAS devices are specialized file storage units connected to a network, commonly used by businesses and individuals for centralized data storage and backup. The ransomware campaign involved encrypting data stored on these NAS devices, rendering it inaccessible to victims until a ransom is paid. The disruption of this gang by law enforcement indicates that the group had achieved a level of operational capability and impact significant enough to warrant police intervention. Although specific technical details such as the exact attack vectors, exploited vulnerabilities, or ransomware strain used were not disclosed, the targeting of NAS devices suggests exploitation of common NAS security weaknesses such as weak/default credentials, exposed management interfaces, or unpatched firmware vulnerabilities. The lack of known exploits in the wild and absence of patch links implies that the attack may have relied on configuration weaknesses or zero-day vulnerabilities that have not been publicly disclosed. The ransomware's impact is high due to the critical nature of NAS devices in data storage and business continuity. The disruption of the gang likely prevents further infections and provides an opportunity for organizations to review and strengthen their NAS security posture.

Detailed information about Police disrupt “Diskstation” ransomware gang attacking NAS devices. Get real-time updates, technical details, and mitigation strategi

Police disrupt “Diskstation” ransomware gang attacking NAS devices - Live Threat Intelligence - Threat Radar | OffSeq.com

Police disrupt “Diskstation” ransomware gang attacking NAS devices

Reddit Discussion: Police disrupt “Diskstation” ransomware gang attacking NAS devices

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-7657 is a use-after-free vulnerability identified in the WebRTC component of Google Chrome versions prior to 138.0.7204.157. WebRTC (Web Real-Time Communication) is a widely used technology that enables peer-to-peer audio, video, and data sharing directly between browsers without requiring plugins. The vulnerability arises when Chrome improperly manages memory, specifically freeing an object but continuing to use it afterward, leading to heap corruption. An attacker can exploit this flaw by crafting a malicious HTML page that triggers the use-after-free condition. This can potentially allow remote code execution or other unauthorized actions by corrupting the browser's memory space. While no known exploits are currently observed in the wild, the nature of the vulnerability and its location in a critical browser component make it a significant security risk. The vulnerability was publicly disclosed on July 15, 2025, but no CVSS score has been assigned yet. Given the high severity classification by Chromium's security team, the flaw is considered serious and warrants immediate attention. The absence of a patch link in the provided data suggests that users should verify the application of the latest Chrome updates beyond version 138.0.7204.157 to mitigate this risk.

CVE Database V5

Detailed information about CVE-2025-7657: Use after free in Google Chrome affecting Google Chrome. Get real-time updates, technical details, and mitigation stra

CVE-2025-7657: Use after free in Google Chrome - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7657: Use after free in Google Chrome

The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/users.js` doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue.

Detailed information about CVE-2025-53903: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel t

CVE-2025-53903: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel the-scratch-channel.github.io - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53903: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel the-scratch-channel.github.io

CVE-2025-53903: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel the-scratch-channel.github.io

CVE-2025-53903: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel the-scratch-channel.github.io

Description

Technical Details

Related Threats

CVE-2025-7657: Use after free in Google Chrome

CVE-2025-7656: Integer overflow in Google Chrome

CVE-2025-6558: Insufficient validation of untrusted input in Google Chrome

CVE-2025-26186: n/a

CVE-2025-53959: CWE-862 in JetBrains YouTrack

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility