
Weekly Digest Week 49 – 2025

Publication date

05.12.2025

Featured Story

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Summary

Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps).

The activity originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year.

The attack lasted for 69 seconds, and involved a “UDP carpet-bombing attack bombarding an average of 15,000 destination ports per second,” with packet attributes randomized to evade defenses.

Cloudflare says AISURU is believed to be powered by a massive network comprising an estimated 1–4 million infected hosts worldwide.

Analysis from our SOC team

This attack shows how fast and massive modern DDoS campaigns have become. Organizations must ensure always-on DDoS protection, automated mitigation, and strong traffic monitoring, as even a short burst like this could overwhelm unprepared systems.

Other News

Critical React, Next.js flaw lets hackers execute code on servers

Summary

A critical vulnerability, dubbed React2Shell, in the React Server Components (RSC) "Flight" protocol allows unauthenticated remote code execution in React and Next.js applications.

The root cause is unsafe deserialization of attacker-controlled Flight payloads. The flaw is rated 10/10 in severity and is tracked as CVE-2025-55182 for React and CVE-2025-66478 for Next.js.

An attacker can achieve remote code execution by sending a specially crafted HTTP request to React Server Function endpoints. Even applications that do not implement Server Function endpoints may still be vulnerable if they support React Server Components.

The vulnerable packages in their default configuration include react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack.

Analysis from our SOC team

This vulnerability enables unauthenticated remote code execution through a single crafted request, making it a high priority for any SOC.

All public-facing React or Next.js applications that use the vulnerable packages should be inventoried, audited and patched immediately.
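One way to start that audit, as an added example written for this digest (not code from the React or Next.js projects), is to walk an npm package-lock.json for every installed copy of the packages the advisory names, nested copies included, and classify their versions. The patched version numbers in the table are an assumption taken from the vendor advisory and must be verified against it; the lockfile excerpt is constructed.

```python
# Added example, not from the original article or from the React/Next.js
# projects: audit an npm package-lock.json (lockfileVersion 2 or 3) for the
# RSC packages the advisory names and classify their versions.
import json
import re
import sys

# Packages the article lists as vulnerable in their default configuration.
RSC_PACKAGES = {
    "react-server-dom-parcel",
    "react-server-dom-turbopack",
    "react-server-dom-webpack",
}
# ASSUMPTION: the first patched release on each React 19 line (the
# react-server-dom-* packages are versioned in lockstep with react). Verify
# these against the vendor advisory for CVE-2025-55182 before relying on them.
FIXED_19_LINES = {(19, 0): (19, 0, 1), (19, 1): (19, 1, 2), (19, 2): (19, 2, 1)}


def parse_version(version):
    """Return (major, minor, patch) or None for canary/experimental strings."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
    return tuple(int(x) for x in m.groups()) if m else None


def classify(version):
    sv = parse_version(version)
    if sv is None:
        return "unparseable"
    fixed = FIXED_19_LINES.get(sv[:2])
    if fixed is None:
        return "outside-known-lines"  # e.g. React 18 or a 19.x line not in the table
    return "vulnerable" if sv < fixed else "patched"


def audit_lockfile(lock):
    """Walk every installed copy, nested ones included, and report findings.
    Next.js ships its own bundled copy of these packages that a lockfile does
    not list, so `next` itself is reported for checking against CVE-2025-66478."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        name = path.split("node_modules/")[-1]
        if name in RSC_PACKAGES or name == "react":
            status = classify(meta.get("version"))
        elif name == "next":
            status = "check-next-advisory"
        else:
            continue
        findings.append({"path": path, "name": name,
                         "version": meta.get("version", "?"), "status": status})
    return findings


# Constructed lockfile excerpt (not taken from any real project).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/react": {"version": "19.2.0"},
        "node_modules/react-server-dom-webpack": {"version": "19.2.0"},
        "node_modules/next/node_modules/react-server-dom-turbopack": {"version": "19.1.2"},
        "node_modules/next": {"version": "15.5.6"},
    },
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    for f in audit_lockfile(lock):
        print(f"{f['status']:<20} {f['name']}@{f['version']}  ({f['path'] or '<root>'})")
```

Run it as `python audit_rsc.py package-lock.json` in each repository root. A lockfile audit is only the first step: it tells you what is declared, not what is deployed, so confirm the running container images and any vendored framework copies as well.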

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Summary

As part of its November 2025 Patch Tuesday updates, Microsoft silently fixed a security flaw that several threat actors have exploited since 2017.

The vulnerability, tracked as CVE-2025-9491, is a Windows Shortcut (.LNK) file UI misrepresentation bug that can lead to remote code execution.

The issue occurs because crafted data inside an .LNK file can hide malicious commands from a user who inspects the file's properties: the attacker pads the command with whitespace and relies on the Properties dialog truncating long command strings, so that only the first 260 characters are displayed and the malicious arguments stay out of view.

According to the article, several state-sponsored groups from China, Iran, North Korea and Russia have exploited the flaw since 2017 for espionage and malware delivery, including PlugX and XDigo.

The silent patch forces Windows to always display the full "Target" command in the Properties window, preventing attackers from hiding malicious arguments beyond the 260-character limit.

Analysis from our SOC team

This fix is important because attackers abused .LNK files to hide malicious commands in plain sight and trick users.

Organizations should ensure the patch is applied everywhere and continue to treat shortcut files as potential threat vectors, even when they appear harmless.
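Treating shortcut files as a threat vector means being able to look past what the Properties dialog shows. The following Python script, an added example written for this digest and not code from the article or from Microsoft, parses just enough of the Shell Link binary format (MS-SHLLINK) to recover the command-line arguments of a .lnk file and flags the whitespace-padding trick described above. The two shortcut files it checks are constructed in the script itself; the 20-character padding threshold is an assumption, and the 260-character window applies to the concatenated "target plus arguments" string in the real dialog, so checking the arguments alone is a conservative approximation.

```python
# Added example, not from the original article or from Microsoft: a minimal
# parser for the Shell Link (.lnk) binary format (MS-SHLLINK) that recovers the
# COMMAND_LINE_ARGUMENTS string and flags the whitespace-padding trick the
# article describes. The sample files below are constructed, not real samples.
import struct

HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
VISIBLE_CHARS = 260            # what the pre-fix Properties dialog displayed
PAD_CHARS = " \t\n\v\f\r"      # whitespace that pushes the real command out of view


def _read_string(buf, pos, unicode):
    """StringData item: CountCharacters (uint16) followed by the characters."""
    (count,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    width = 2 if unicode else 1
    raw = buf[pos:pos + count * width]
    return raw.decode("utf-16-le" if unicode else "latin-1"), pos + count * width


def parse_lnk(buf):
    """Parse just enough of a .lnk to return its StringData fields."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", buf, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize excludes its own 2 bytes
        (size,) = struct.unpack_from("<H", buf, pos)
        pos += 2 + size
    if flags & HAS_LINK_INFO:             # LinkInfoSize includes its own 4 bytes
        (size,) = struct.unpack_from("<I", buf, pos)
        pos += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            fields[name], pos = _read_string(buf, pos, unicode)
    return fields


def analyze_arguments(args):
    """Heuristics for CVE-2025-9491-style padding; the thresholds are assumptions."""
    effective = args.lstrip(PAD_CHARS)
    leading_pad = len(args) - len(effective)
    reasons = []
    if leading_pad >= 20:
        reasons.append(f"{leading_pad} leading whitespace characters before the command")
    if any(c in args for c in "\t\n\v\f\r"):
        reasons.append("control whitespace inside the arguments")
    if args[VISIBLE_CHARS:].strip(PAD_CHARS):
        reasons.append(f"command continues beyond the {VISIBLE_CHARS}-character visible window")
    return {"suspicious": bool(reasons), "reasons": reasons,
            "leading_pad": leading_pad, "effective_command": effective}


def build_lnk(arguments, relative_path=r".\cmd.exe", with_id_list=False):
    """Construct a minimal .lnk for testing (76-byte header + StringData)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    body = b""
    if with_id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
        body += struct.pack("<H", 2) + b"\x00\x00"   # IDList holding only the TerminalID
    header = struct.pack("<I16sIIQQQIIIH2sII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, b"\x00\x00", 0, 0)

    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + body + string_data(relative_path) + string_data(arguments)


# Constructed samples: one ordinary shortcut, one padded the way the article describes.
BENIGN_LNK = build_lnk("/k echo hello")
PADDED_LNK = build_lnk(" " * 280 + "\t\t" + "/c calc.exe", with_id_list=True)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        verdict = analyze_arguments(parse_lnk(blob).get("arguments", ""))
        print(label, "SUSPICIOUS" if verdict["suspicious"] else "ok",
              repr(verdict["effective_command"]), verdict["reasons"])
```

To use it on real files, read the .lnk bytes from disk (or from a mail gateway quarantine) and pass them to `parse_lnk`; the `effective_command` field is what actually runs, which is the value worth logging and alerting on regardless of what the shortcut's properties sheet showed the user.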

Fraudulent emails are currently circulating in the name of the Flemish Parliament

Summary

Safeonweb warns that scammers are sending fraudulent emails that falsely use the name of the Flemish Parliament to mislead recipients.

The messages are styled to look like official communication in order to deceive recipients.

Analysis from our SOC team

The tips highlighted in the article are the ones we want to emphasize as well. Never click on links in unexpected emails. Instead, browse manually to the official website or use your banking or government app directly.

Suspicious messages can be forwarded to any of Safeonweb's three reporting addresses:

verdacht@safeonweb.be
suspect@safeonweb.be
suspicious@safeonweb.be

Our SOC is also available to assist in case there are any doubts or suspicions about text or mail messages.
