Dramatic Escalation in Frequency and Power of DDoS Attacks
This article details a significant surge in both the frequency and intensity of Distributed Denial-of-Service (DDoS) attacks throughout 2025, based on data from Radware’s 2026 Global Threat Analysis Report.
According to the report, attacks increased by 168% year-over-year, with the technology, telecommunications, and financial sectors being the primary targets. The nature of these threats has evolved to become “faster and stronger,” featuring multi-terabit campaigns and ultra-short duration strikes (often under 60 seconds) that are difficult to intercept before damage occurs. Hacktivism remains the primary driver, often coordinated via Telegram, with pro-Russian groups notably targeting infrastructure in Israel, the United States, and Ukraine.
This escalation highlights the critical need for organizations to adopt proactive, agile defense mechanisms, as traditional reactive measures are increasingly ineffective against these high-speed, automated threats.
Read the original article here
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
Richard Horne, CEO of the National Cyber Security Centre (NCSC), warns small and medium-sized enterprises (SMEs) against the dangerous assumption that they are too small to be targeted by cybercriminals. Horne emphasizes that attackers are opportunistic and target technical vulnerabilities rather than specific brand names, meaning a company’s small size offers no protection if its defenses are weak. He urges SMEs to implement basic security measures, specifically advocating for the Cyber Essentials certification scheme which covers critical areas like secure configuration, user access control, and malware protection. The NCSC stresses that neglecting these basics is akin to operating without insurance, leaving businesses exposed to potentially devastating financial and operational consequences.
This warning serves as a critical reminder for smaller businesses to prioritize cybersecurity hygiene immediately, as the “security through obscurity” mindset is no longer a viable defense strategy.
Read the original article here
PayPal Discloses Data Breach Exposing User Info for Six Months
PayPal has notified customers of a data breach stemming from a software error in its PayPal Working Capital (PPWC) loan application, which left sensitive personal information exposed for nearly six months.
The breach, discovered on December 12, 2025, allowed unauthorized access to data including names, Social Security numbers, dates of birth, and bank account details between July 1 and December 13, 2025. PayPal stated they have fixed the code error, refunded unauthorized transactions for a small number of affected users, and are offering two years of free credit monitoring. The company has reset passwords for impacted accounts but has not disclosed the total number of affected customers.
This incident serves as a stark reminder of the risks associated with application vulnerabilities and the necessity for rigorous code testing, as even minor errors can lead to long-term exposure of highly sensitive financial data.
Read the original article here
Ukrainian National Sentenced for Facilitating North Korean IT Worker Fraud
A 29-year-old Ukrainian national, Oleksandr Didenko, has been sentenced to five years in prison for running a scheme that helped North Korean IT workers secure remote employment at U.S. companies. Didenko created accounts on freelance IT job platforms using false identities and stolen credentials, allowing North Korean nationals to pose as non-sanctioned workers and generate revenue for their government’s illicit programs. This sentencing serves as a stark reminder of the sophisticated “insider threat” posed by nation-state actors and the importance of rigorous identity verification in remote hiring processes.