[tomek@vz]

Citiraj:

Security experts warn that a significant portion of servers and data center products made by Supermicro could be vulnerable to attacks by resourceful cybercriminals working remotely. Worse yet, a successful breach could turn the infection into an invisible threat that no security software would be able to detect.
A critical component soldered onto Supermicro motherboards for server products is affected by two newly discovered vulnerabilities, and a working patch may take some time to become available. Discovered by security analysts at Binarly, the flaws stem from an incomplete patch Supermicro released in January to address another firmware issue in the same component.

> Techspot


---

Citiraj:

Cloudflare blocked the largest-ever DDoS attack against a European network infrastructure company, which peaked at 22.2 Tbps and 10.6 Bpps. The hyper-volumetric attack has been linked to the Aisuru botnet and lasted just 40 seconds, but was double the size of the previous record. SecurityWeek reports: Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs. Aisuru has been around for more than a year. The botnet is powered by hacked IoT devices such as routers and DVRs that have been compromised through the exploitation of known and zero-day vulnerabilities.

According to Cloudflare, the 22 Tbps attack was traced to over 404,000 unique source IPs across over 14 ASNs worldwide. "Based on internal analysis using a proprietary system, the source IPs were not spoofed," the company explained. The security firm described it as a UDP carpet bomb attack targeting an average of 31,000 destination ports per second, with a peak of 47k ports, all of a single IP address. Cloudflare revealed in July that the number of DDoS attacks it blocked in the first half of 2025 had already exceeded all the attacks mitigated in 2024.