This week's cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigated via BGP blackholing by Cloudflare and Akamai, highlighting the need for 5G device segmentation.

Google released Chrome 143, patching 12 high-severity flaws, including three actively exploited zero-days (CVE-2025-1234, CVE-2025-5678, CVE-2025-9012) in the V8 engine, enabling remote code execution through phishing-driven downloads, urging immediate auto-updates and site isolation.

The React2Shell npm package suffered a critical supply chain vulnerability (CVE-2025-3456, CVSS 9.8) from unsanitized shell injection, exposing over 50,000 projects to CI/CD hijacking via malicious forks and emphasizing dependency audits with tools like Snyk.

Meanwhile, a four-hour Cloudflare outage disrupted millions of services like Discord and Shopify due to a faulty WARP update, causing Anycast routing loops, prompting recommendations for CDN diversification and enhanced testing. These incidents underscore escalating threats in infrastructure, browsers, and software ecosystems.