SecurityWeek

SecurityWeek is a reliable source for news and articles from experts in information security. It is well-respected among senior information security leaders, researchers, and service providers. The content on SecurityWeek emphasizes strategies, methods, research, and data related to security. Additionally, it covers topics such as online privacy, compliance, cybercrime, and emerging security trends.

International

English

Online/Digital

Outlet metrics

Domain Authority

Ranking

Global

#143651

United States

#68216

Computers Electronics and Technology/Computer Security

#179

Traffic sources

Monthly visitors

Articles

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider

1 week ago | securityweek.com | Eduard Kovacs

Cloudflare recently blocked yet another record-breaking distributed denial-of-service (DDoS) attack, which peaked at 7.3 terabits per second (Tbps). Previous record-breaking DDoS attacks seen by Cloudflare reached 5.6 Tbps and 6.5 Tbps. Cybersecurity blogger Brian Krebs reported last month that his website had been targeted in a 6.3 Tbps attack. The 7.3 Tbps DDoS attack, seen by Cloudflare in mid-May, lasted only 45 seconds and it was aimed at a hosting provider.
Godfather Android Trojan Creates Sandbox on Infected Devices

1 week ago | securityweek.com | Ionut Arghire

A recent version of the Godfather Android trojan is deploying a sandbox on the infected devices to hijack banking and cryptocurrency applications, mobile security firm Zimperium warns. Active since at least June 2021 and believed to be based on leaked Anubis banking trojan code, Godfather is known for targeting hundreds of banking and cryptocurrency applications worldwide with web overlays.
Motors Theme Vulnerability Exploited to Hack WordPress Websites

1 week ago | securityweek.com | Ionut Arghire

Mass exploitation of a critical-severity vulnerability in the Motors theme for WordPress started several weeks after public disclosure, WordPress security firm Defiant warns. The Motors theme is aimed at automotive dealership businesses, including car, motorcycle, boat, and car rental dealers, offering pre-built websites and templates, and support for listing, user and dealer management.
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks

1 week ago | securityweek.com | Eduard Kovacs

Meta-owned WhatsApp told SecurityWeek that a recent FreeType vulnerability, flagged as potentially exploited at the time of disclosure, has been linked to an exploit of Israeli surveillance solutions provider Paragon. In mid-March, Meta published an advisory on the Facebook security advisories page to inform users about CVE-2025-27363, an out-of-bounds vulnerability in the FreeType open source library that could lead to arbitrary code execution.
Cloudflare Tunnels Abused in New Malware Campaign

1 week ago | securityweek.com | Ionut Arghire

Securonix has uncovered a malware distribution campaign that abuses Cloudflare Tunnel to host payloads on attacker-controlled subdomains. Dubbed Serpentine#Cloud, the campaign relies on a complex infection chain involving shortcut (LNK) files and obfuscated scripts to deliver a Python-based loader that can execute a Donut-packed PE payload in memory.
161,000 People Impacted by Krispy Kreme Data Breach

1 week ago | securityweek.com | Eduard Kovacs

Krispy Kreme has revealed that the data breach resulting from the ransomware attack that targeted the company in late 2024 impacted more than 161,000 people. The donut and coffee retail chain disclosed the cyberattack, which led to operational disruptions, on December 11. The Play ransomware group later took credit for the attack, claiming to have stolen corporate documents and personal information.
Hackers Access Legacy Systems in Oxford City Council Cyberattack

1 week ago | securityweek.com | Ionut Arghire

Oxford City Council in the United Kingdom (UK) is notifying current and former employees that their personal information was likely compromised in a recent cyberattack. The incident, the council says, occurred over the weekend of June 7 and 8, when it detected suspicious activity within its network. “Our automated security systems kicked in, removed the presence and minimized the access the attackers had to our systems and databases,” the council said in an incident notice.
Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War

1 week ago | securityweek.com | Ryan Naraine

More than $90 million in Bitcoin, Ether, Dogecoin and other coins vanished from Iran’s Nobitex exchange as hackers tied to the Israeli-linked Predatory Sparrow group took credit for an audacious strike that thrust the Israel-Iran cyber shadow war onto center stage.
New Campaigns Distribute Malware via Open Source Hacking Tools

1 week ago | securityweek.com | Ionut Arghire

Security researchers at Trend Micro and ReversingLabs have uncovered two fresh campaigns targeting red teams, novice cybercriminals, and developer environments via trojanized open source hacking tools. Attributed by Trend Micro to a threat actor named Water Curse, one of the campaigns involved at least 76 GitHub accounts linked to repositories that had malicious payloads injected into build scripts and project files.
Chain IQ, UBS Data Stolen in Ransomware Attack

1 week ago | securityweek.com | Ionut Arghire

Swiss procurement service provider Chain IQ has confirmed falling victim to a cyberattack that led to the theft of customer data. The Zug, Switzerland-based firm says it learned of the incident after a threat actor published data allegedly stolen from its systems on the dark web. “On June 12, 2025, Chain IQ, along with 19 other companies, was the target of a cyberattack that had never before been seen on a global scale. This cyberattack resulted in data theft.