CHILLYHELL macOS malware, notarized since 2021, exposed May 2025 with flexible persistence and C2 evasion tactics.

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service.
“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Satnam Narang, senior staff research engineer at Tenable, said. “Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities.”
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second.
The attack originated from thousands of IoTs and MikroTik routers, and it was mitigated by FastNetMon, a company that offers protection against service disruptions.
“The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” FastNetMon says in a press release.
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it.
The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure and compromised multiple highly popular NPM packages, among them chalk and degub-js, that cumulatively have more than 2.6 billion weekly downloads.
After gaining access to Junon’s account, the attackers pushed malicious updates with a malicious module that stole cryptocurrency by redirecting transactions to the threat actor.
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet.
The activity was first reported in June by cybersecurity company Trend Micro. whose researchers analyzed scripts and malicious code that dropped a cryptominer and relied on the Tor network to hide their identity.
Akamai researchers discovered new tooling that does not deploy a miner but a more complex payload that can block access to compromised Docker APIs.