Cloudflare has successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded, a 35-second flood that peaked at 11.5 terabits per second.

A new report from AI startup Anthropic warns that cybercriminals are weaponizing AI assistants in increasingly sophisticated ways. In one case, attackers used Anthropic’s own coding tool, Claude Code, to carry out nearly every stage of a large-scale data extortion campaign targeting at least 17 organizations across multiple industries.

TransUnion has reported a new security breach to law enforcement, stating that hackers gained access through a third-party application used to store customer data for its U.S. consumer support operations.

Mobile security firm Zimperium has issued an alert about a dangerous evolution in mobile malware. Its zLabs research team discovered a new variant of the Hook banking trojan, dubbed Hook Version 3, which goes far beyond stealing banking credentials. The malware now combines features of ransomware, spyware, and traditional bank-hacking tools, giving attackers sweeping control over infected Android devices.

The Canadian Investment Regulatory Organization (Ciro) has confirmed it detected a cybersecurity threat on August 11, prompting the regulator to proactively shut down certain systems as a precaution. Despite the disruption, Ciro emphasized that all critical functions remained operational and real-time equity market surveillance continued without interruption.

In April, Norway’s Police Security Service (PST) reported that pro-Russian hackers seized control of a dam in Bremanger, western Norway, releasing 500 liters of water per second for four hours before being stopped.

Kaspersky has identified a malware campaign involving the Efimer Trojan, a threat first detected in October 2024 and still active into 2025. This Trojan is designed to steal cryptocurrency, compromise WordPress sites, and spread through torrents and targeted phishing emails.