Articles tagged "DDoS"

Found 57 articles

DDoS attacks are now being commercialized as subscription services, with various pricing tiers and support options available. This change has transformed the DDoS landscape from a collection of basic tools into sophisticated platforms that can be accessed more easily by malicious actors. The article discusses how these services allow even those with limited technical skills to launch large-scale attacks against targeted websites or services. This trend poses a significant risk to businesses and organizations, as the accessibility of these services means that anyone can potentially disrupt online operations for a relatively low cost. The growing prevalence of DDoS-as-a-Service not only complicates the security landscape but also raises concerns about the potential for increased cybercrime.

Impact: N/A
Remediation: Companies should enhance their DDoS mitigation strategies and consider investing in advanced security solutions to protect against these evolving threats.

Dutch authorities have successfully dismantled a large botnet that had infected around 17 million devices. The operation involved taking down over 200 servers from a local hosting provider that were crucial to the botnet's functionality. This action is significant as such botnets can be used for various malicious activities, including launching distributed denial-of-service (DDoS) attacks and distributing spam or malware. The disruption not only impacts the cybercriminals behind the botnet but also helps protect the millions of devices that were compromised. By targeting the infrastructure supporting these attacks, the Dutch government aims to enhance overall internet security and reduce the risk of further exploitation of infected devices.

Impact: 17 million infected devices, local hosting provider servers
Remediation: N/A

Security firms have successfully disrupted the GlassWorm botnet by taking down all four command-and-control channels that the malware relied on. This operation is significant because botnets like GlassWorm can be used by attackers for various malicious activities, such as launching distributed denial-of-service (DDoS) attacks or spreading other malware. By dismantling these C&C channels, researchers have reduced the botnet's ability to control infected devices, which is a win for cybersecurity efforts. This disruption not only impacts the operators of the botnet but also protects potential victims from being exploited. As the threat landscape evolves, ongoing vigilance against such malware remains crucial for both individuals and organizations.

Impact: GlassWorm botnet, affected devices controlled by the malware
Remediation: N/A

During the Milano Cortina 2026 Winter Games, which took place from February 6 to February 23, there was a significant increase in Distributed Denial of Service (DDoS) attacks. Researchers reported that the volume of attacks surged to six to ten times higher than historical levels, with a notable peak of over 2,200 attacks occurring on February 23. This spike in activity indicates that attackers were likely targeting the event's online infrastructure, which could disrupt services for attendees and viewers. The surge in DDoS attacks during such a high-profile event raises concerns for organizations involved in the games, as they need to bolster their cybersecurity measures to protect against these disruptions. Ensuring the integrity of digital platforms is crucial for both the event's success and the safety of participants and spectators.

Impact: N/A
Remediation: Organizations should enhance DDoS mitigation strategies, implement traffic filtering, and consider using cloud-based DDoS protection services.

A DDoS attack has disrupted services for Ubuntu and Canonical, with the hacktivist group known as The Islamic Cyber Resistance in Iraq 313 Team claiming responsibility. They reportedly employed a DDoS-for-hire service named Beamed to carry out the attack. This incident highlights the vulnerabilities of major tech platforms to such attacks, which can lead to significant service outages and impact users relying on these systems. The ongoing nature of the attack suggests that it could continue to affect services for an indefinite period, raising concerns about the security and resilience of online infrastructure. Users and organizations relying on Ubuntu and Canonical services should be aware of potential disruptions and consider contingency plans.

Impact: Ubuntu, Canonical services
Remediation: N/A

Hackers Use Jenkins Access to Deploy DDoS Botnet Against Gaming Servers

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Hackers are exploiting poorly configured Jenkins servers to launch a distributed denial-of-service (DDoS) attack against gaming servers, particularly targeting infrastructure associated with Valve Corporation. This attack leverages the Jenkins automation server, which is often used for continuous integration and deployment. Misconfigurations in these servers make it easier for attackers to gain unauthorized access and deploy their botnets. The implications are significant for gamers and the gaming industry, as DDoS attacks can disrupt services and lead to extended downtimes. Companies operating gaming platforms need to ensure their Jenkins servers are properly secured to mitigate the risk of such attacks in the future.

Impact: Jenkins servers, Valve Corporation infrastructure, gaming servers
Remediation: Ensure proper configuration of Jenkins servers, implement security best practices for server management, regularly audit server settings to prevent unauthorized access.

Actively Exploited

A Brazilian tech company, which specializes in DDoS protection, has been implicated in enabling a botnet that has targeted other internet service providers in Brazil with massive DDoS attacks. The CEO of the firm claims that these attacks stemmed from a security breach and suggested that a rival company might be behind the malicious activities to damage his firm's reputation. This situation raises serious concerns about the integrity of cybersecurity firms and their ability to protect clients. It also highlights the potential for internal issues or competition to lead to significant disruptions in the tech industry. The ongoing attacks could impact the reliability of internet services for many users and businesses in Brazil.

Impact: Brazilian internet service providers and the tech firm's clients
Remediation: N/A

A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.

Impact: D-Link DIR-823X routers
Remediation: Users should consider disconnecting their devices from the internet and replacing them with supported models. If replacement is not immediately possible, changing default passwords and disabling remote management features can help mitigate risks.

Mastodon experienced a significant DDoS attack shortly after Bluesky faced a similar disruption. Both platforms, which serve as decentralized social networking sites, were temporarily knocked offline due to these attacks. Mastodon managed to restore its services within a few hours, but the timing of these incidents raises concerns about the security of emerging social media platforms. DDoS attacks can severely impact user experience and trust, making it crucial for these services to enhance their defenses against such threats. Users and developers alike should remain vigilant as these incidents highlight the ongoing challenges in securing online communication tools.

Impact: Mastodon, Bluesky
Remediation: N/A

Mastodon, a popular decentralized social media platform, recently experienced a significant DDoS (Distributed Denial of Service) attack that resulted in a major outage. The attack disrupted services for users, but the Mastodon team managed to mitigate the impact within just a few hours. This incident follows a similar attack on Bluesky, another social media platform, raising concerns about the security of these emerging online spaces. DDoS attacks can overwhelm servers with traffic, making services unavailable to legitimate users, which can erode trust and lead to user migration. The quick response from Mastodon demonstrates their commitment to maintaining service availability, but it also highlights the ongoing risks faced by platforms that rely on decentralized architectures.

Impact: Mastodon social media platform
Remediation: Mitigated the DDoS attack within hours

Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Bluesky, a social media platform, experienced a significant disruption due to a DDoS attack that lasted approximately 24 hours. The attack was claimed by a group known as the 313 Team, which is linked to Iran. Fortunately, the company reported that no user data was compromised during the incident. This attack raises concerns about the vulnerability of online platforms to such disruptions, especially as geopolitical tensions can lead to cyberattacks targeting specific services. Users and organizations that rely on Bluesky for communication and engagement should remain vigilant about potential future attacks.

Impact: Bluesky platform
Remediation: N/A

Actively Exploited

Mastodon, a decentralized social media platform, experienced a distributed denial-of-service (DDoS) attack that began early Monday morning. The attack disrupted the functionality of its flagship server, impacting users who rely on the platform for communication and social interaction. Mastodon confirmed that they were investigating the incident around 7 a.m. ET. DDoS attacks can overwhelm a server with traffic, making it unavailable to legitimate users, which raises concerns about the platform's reliability and security. This incident highlights the ongoing challenges that online services face in protecting against cyber threats.

Impact: Mastodon flagship server
Remediation: N/A

A significant crypto heist has taken place, resulting in a loss of approximately $290 million from Kelp DAO. The attack is attributed to North Korean hackers who exploited vulnerabilities in LayerZero’s DVN by compromising specific Remote Procedure Calls (RPCs) and launching Distributed Denial of Service (DDoS) attacks on others. This strategy forced the system to switch over to compromised infrastructure, allowing the attackers to siphon off funds. This incident raises alarms within the cryptocurrency community, highlighting the ongoing threat posed by state-sponsored hackers and the need for enhanced security measures in decentralized finance. As crypto continues to grow, incidents like this can undermine user trust and have broader implications for the market.

Impact: Kelp DAO, LayerZero's DVN, RPCs
Remediation: Companies should enhance security protocols, monitor for unusual activity, and consider implementing stronger defenses against DDoS attacks.

Bluesky, a decentralized microblogging platform, was hit by a 24-hour Distributed Denial of Service (DDoS) attack that began on April 15. The attack led to significant service disruptions, impacting users who rely on the platform for communication and information sharing. A pro-Iran hacker group has claimed responsibility for this attack, indicating a possible politically motivated cyber incident. DDoS attacks can overwhelm a service with traffic, rendering it unavailable to legitimate users, which raises concerns about the platform's security and its ability to handle such threats in the future. This incident serves as a reminder of the ongoing risks facing online platforms, especially those involved in social discourse.

Impact: Bluesky platform
Remediation: N/A

Bluesky, a social media platform, was hit by a significant distributed denial-of-service (DDoS) attack that lasted around 24 hours. A pro-Iran hacker group has claimed responsibility for this disruption. Users experienced difficulties accessing the platform during the attack, impacting their ability to communicate and interact online. This incident raises concerns about the security of social media platforms and the potential for politically motivated cyberattacks to affect users worldwide. As cyber threats become more sophisticated, it emphasizes the need for companies to bolster their defenses against such attacks.

Impact: Bluesky social media platform
Remediation: N/A