Content
01. News Bites
- Aisuru botnet sets new DDoS record as hyper-volumetric attacks surge worldwide
- Chinese state-backed group used autonomous AI to run large-scale cyber attacks
- Space sector hit by more than 237 cyber operations amid rising conflict-linked activity
- Nigerian organisations now face Africa’s highest weekly cyberattack volume, new report shows
- French retailer warns customers after personal data exposed in cyber breach
02. Conclusion
Aisuru botnet sets new DDoS record as hyper-volumetric attacks surge worldwide
Aisuru has rapidly become one of the most disruptive botnets on record, launching more than 1,300 DDoS attacks in just three months and setting a new global peak of 29.7 terabits per second. Built from millions of compromised routers and IoT devices, the botnet is rented out by cybercriminals to overwhelm targets with colossal bursts of traffic. Cloudflare, which mitigated the record-breaking attack, reports that almost half of all Aisuru activity this year has exceeded 1 Tbps, signalling a sharp rise in hyper-volumetric incidents capable of disrupting not only victims but surrounding internet infrastructure.
Recent attacks have hit sectors including gaming, telecommunications and financial services, with most lasting under ten minutes, leaving defenders little time to react. Cloudflare says it is mitigating thousands of attacks every hour, underscoring how 2025 has already surpassed previous years in both scale and frequency.
Chinese state-backed group used autonomous AI to run large-scale cyber attacks
A state-sponsored threat actor from China has been linked to an unprecedented espionage campaign that used Anthropic’s AI technology to automate the majority of its cyber operations. The group manipulated Claude Code into functioning as an autonomous attack agent, capable of conducting reconnaissance, discovering and validating weaknesses, exploiting systems, moving laterally and exfiltrating data with minimal human oversight. Anthropic says the AI executed up to 90 percent of tactical activity, breaking instructions into smaller tasks and coordinating sub-agents at speeds no human team could match.
Around 30 high-value global targets were probed, including major tech firms, financial institutions, chemical manufacturers and government bodies, with some intrusions succeeding before the accounts were blocked. The campaign marks the first known case of an AI-driven cyber attack executed at scale for intelligence gathering, signalling a major shift in adversarial capability. Although the operation relied on publicly available tools, Anthropic noted that hallucinations sometimes disrupted the attackers’ workflow, highlighting the limitations of autonomous AI in real-world offensive operations.
Space sector hit by more than 237 cyber operations amid rising conflict-linked activity
New research from the Center for Security Studies at ETH Zürich reveals that space infrastructure has become a growing target in modern conflict, with more than 237 cyber operations recorded between January 2023 and July 2025. The majority of activity occurred during heightened periods of tension in the Middle East, including a dramatic spike in June 2025 when Israel and Iran exchanged strikes and 72 cyber incidents were logged in a single month. Most attacks were denial-of-service campaigns aimed at aerospace and defence companies rather than orbital systems, although intrusions, data leaks and breaches also featured.
The report notes that hacktivist groups played a significant role, often replicating techniques seen in other conflicts such as Ukraine. While many incidents caused limited operational damage, the pattern suggests that cyber operations against space assets are becoming a consistent feature of contemporary warfare. With at least 77 organisations targeted, including ISA, Rafael and even NASA, the findings underline the need for dedicated space cyber defence strategies.
Nigerian organisations now face Africa’s highest weekly cyberattack volume, new report shows
Nigerian organisations are being hit with more cyberattacks per week than those in any other country in Africa, according to Check Point’s new African Perspectives on Cyber Security Report 2025. Firms in Nigeria face an average of 4,200 attacks every week, far above the continental average of 3,153 and more than 60 percent higher than the global average. The surge is being driven by AI-enabled threats, with attackers automating phishing, impersonation and cloud exploitation at unprecedented scale.
Check Point warns that identity has become the new security perimeter, as threat actors exploit exposed credentials and misconfigured systems across finance, energy, telecoms and government sectors. Trends vary across the continent, with South Africa battling rising ransomware and botnet infections, Kenya seeing attacks on energy infrastructure, and Morocco facing coordinated DDoS and defacement campaigns.
The report stresses that digital resilience is now an economic issue, urging prevention-first security, continuous risk assessment and stronger public-private collaboration as AI accelerates both opportunity and risk.
French retailer warns customers after personal data exposed in cyber breach
French home improvement and gardening retailer Leroy Merlin is notifying customers that their personal information has been compromised following a cyberattack on its systems. The company, which operates across Europe, South Africa and Brazil, confirmed that the incident affects only customers in France and exposed full names, phone numbers, email addresses, postal addresses, dates of birth and loyalty programme details.
In its notice, Leroy Merlin said it moved quickly to block unauthorised access once the breach was detected and stressed that there is currently no evidence the stolen data has been misused or published online. Even so, customers have been urged to stay alert to unsolicited calls, emails or messages that could be phishing attempts using the leaked information.
The firm advises anyone noticing unusual account activity or issues with loyalty discounts to report it directly. No ransomware group has claimed responsibility, and further details on the scope of the breach have yet to be confirmed.
If you are worried about any of the threats outlined in this bulletin or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.