Author: user
December 4, 2025Ravi LakshmananDDoS attack/network security Cloudflare announced Wednesday that it detected and mitigated the largest distributed denial of service (DDoS) attack in history, reaching 29.7 terabits per second (Tbps). The web infrastructure and security company said the activity originated from a rental DDoS botnet known as AISURU, which has been linked to numerous high-volume DDoS attacks over the past year. The attack lasted 69 seconds. The target of the attack was not disclosed. This botnet primarily targets telecom providers, gaming companies, hosting providers, and financial services. Cloudflare also tackled a 14.1 Bpps DDoS attack from the same botnet. AISURU…
Astronomers have discovered what they believe to be the “largest rotating object” ever discovered, and their rotation may contain important clues about how galaxies develop.Located 140 million light-years from Earth, this spiral structure is a long string of gas that is approximately 5.5 million light-years long and 117,000 light-years wide, wider than the Milky Way. The cosmic filament has 14 hydrogen-rich galaxies chained together like charms on a bracelet. These galaxies reveal the existence of filaments, researchers explained in a paper published today (December 3) in the Monthly Journal of the Royal Astronomical Society.”The initial discovery itself was a surprise,”…
Can any company, large or small, really reverse the dominance of Nvidia’s AI chips? Probably not. But if you can peel away some of it yourself, you could make hundreds of billions of dollars in revenue, Amazon CEO Andy Jassy said this week. As expected, the company announced its next-generation AI chip, Trainium3, an AI chip that competes with Nvidia, at the AWS re:Invent conference. This is 4x faster and consumes less power than the current Trainium2. Jassy reveals some trivia about Trainium today in a post on X, showing why the company is so bullish on the chip. He…
For thousands of years, ethnic groups in what is now southwestern China have buried their dead in “hanging coffins” on cliffs, but their identities have long eluded researchers. Now, new genetic research has revealed that this ancient funerary tradition was practiced by the ancestors of people who still live in the region today.Researchers also found a genetic link between ancient peoples who practiced the “hanging coffin” tradition of fixing ancient wooden coffins to exposed cliffs and Neolithic (“Neolithic”) peoples who lived on the coasts of southern China and Southeast Asia.The discovery “provides valuable insight into the genetic, cultural and historical…
The Trump administration on Wednesday announced plans to lower fuel efficiency standards for passenger cars and light trucks sold in the United States. With the CEOs of Ford and Stellantis in attendance, President Donald Trump proposed lowering fuel efficiency for all 2031 model year vehicles to 34.5 miles per gallon. Previous fuel efficiency standards set under the Biden administration called for 50.4 mpg by 2031. The regulatory changes would also reclassify crossovers as cars rather than light trucks and prevent automakers from trading credits for electric vehicles. The National Highway Traffic Safety Administration regulates fuel economy rules based on Corporate…
In early October, AI enterprise resource planning (ERP) startup DualEntry announced a $90 million Series A round led by Lightspeed and Khosla Ventures, valuing the one-year-old business at $415 million. The company aims to replace traditional software like Oracle NetSuite with products that can automate routine tasks and provide predictive insights. A large funding round from a top VC suggests the startup is likely to see impressive revenue growth. However, one venture capitalist who declined the investment told TechCrunch that DualEntry’s annual recurring revenue (ARR) was only about $400,000 when the deal was considered in August. DualEntry co-founder Santiago Nestares…
Tonight at Playground Global in Palo Alto, some very smart people who are building things you don’t understand yet will explain what’s coming. This is the last StrictlyVC event of 2025 and the line-up is truly ridiculous. Image credit: Aaron V Barrera Photography The series traveled around the world under the auspices of TechCrunch. Steve Case rented a theater in Washington, DC. We spoke with the Greek Prime Minister in Athens. Kirsten Greene hosted us at the Presidio in San Francisco. However, the concept is always the same. Bring together people working on really important developments in a small environment…
December 3, 2025Ravi LakshmananVulnerability / Cloud Security A maximum severity security flaw has been disclosed in React Server Components (RSC) that could allow remote code execution if successfully exploited. This vulnerability is tracked as CVE-2025-55182 and has a CVSS score of 10.0. The React team said in an alert issued today that this allows for “unauthenticated remote code execution by exploiting a flaw in the way React decodes payloads sent to React server function endpoints.” “Even if your app doesn’t implement the React Server Function endpoint, it may still be vulnerable if it supports React Server components.” According to cloud…
December 3, 2025Ravi LakshmananVulnerabilities / Endpoint Security According to ACROS Security’s 0patch, Microsoft silently embedded a security flaw that has been exploited by multiple attackers since 2017 as part of the company’s November 2025 Patch Tuesday update. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which is described as a Windows Shortcuts (LNK) file UI misinterpretation vulnerability that could lead to remote code execution. According to the NIST National Vulnerability Database (NVD) description, “The specific flaw exists in the handling of .LNK files.” “Crafted data in a .LNK file could hide dangerous content within the file from a user…
December 3, 2025Ravi LakshmananVulnerabilities / Website Security A critical security flaw affecting a WordPress plugin known as King Addons for Elementor is being exploited in the wild. This vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a privilege escalation case that allows an unauthenticated attacker to grant themselves administrative privileges by simply specifying the administrator user role during registration. Affected versions are 24.12.92 through 51.1.14. This vulnerability was patched by the maintainer in version 51.1.35, released on September 25, 2025. Security researcher Peter Thaleikis is credited with discovering and reporting this flaw. This plugin has over 10,000 active installations. “This is due…