GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
Get the latest international news and world events from around the world.
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Two Supermicro BMC flaws (CVE-2025–7937, 6198) bypass signature checks, risking persistent server compromise
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
“This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites,” the Secret Service said.
The devices were concentrated within a 35-mile (56 km) radius of the global meeting of the United Nations General Assembly in New York City. An investigation into the incident has been launched by the Secret Service’s Advanced Threat Interdiction Unit.
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.
The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes and co-opt them into a larger DDoS botnet. The cybersecurity company said it detected the malware targeting its honeypots on June 24, 2025.
“At the center of this campaign is a Python-based command-and-control (C2) framework hosted on GitHub Codespaces,” security researcher Nathaniel Bill said in a report shared with The Hacker News.
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack
Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps).
DDoS attacks typically exhaust either system or network resources, aiming to make services slow or unavailable to legitimate users.
Record-breaking DDoS attacks are becoming more frequent, as just three weeks ago, Cloudflare disclosed that it mitigated a massive 11.5 Tbps and 5.1 Bpps attack, the largest publicly announced at the time.
Boyd Gaming discloses data breach after suffering a cyberattack
US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals.
Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states, including Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Missouri, Ohio, and Pennsylvania, and the management of a tribal casino in northern California. The firm employs over 16,000 people and had an annual revenue of $3.9 billion in 2024.
In a Tuesday evening FORM 8-K filing with the SEC, Boyd Gaming disclosed it recently suffered a cyberattack in which attackers gained access to its systems.
WhatsApp adds message translation to iPhone and Android apps
WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates.
While iOS users can only use it to translate manually after tapping ‘Translate,’ Android users will also be able to enable automatic translation, allowing all messages in a chat thread to be translated without having to tap each one individually.
“We’re rolling out message translations to Android and iPhone users gradually from today, in a few select languages to start with more to follow,” the company said on Tuesday.
Libraesva ESG issues emergency fix for bug exploited by state hackers
Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state sponsored.
The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer protection architecture.
According to the vendor, Libraesva ESG is used by thousands of small and medium businesses as well as large enterprises worldwide, serving over 200,000 users.