🚨 Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites.

Also, add these to the list of 2024's major WordPress threats:
CVE-2024-27956 | SQL injection
CVE-2024-25600 | RCE in Bricks theme
CVE-2024-8353 | PHP injection
CVE-2024-4345 | Arbitrary file upload

If you run a WordPress site, check your mu-plugins folder NOW.

🛡️ Full story: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html

🚨 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp.

They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems.

👀 Targets? Your data, credentials, and even crypto wallets.

💀 Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook.

🔗 Learn more: https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html

🔥 Apple hit with €150M fine for “biased” privacy rules.

France says Apple’s App Tracking Transparency (ATT) gave itself a privacy pass—while forcing rivals through a double-consent maze.

Regulators call it unfair, confusing, and not truly neutral.

https://thehackernews.com/2025/04/apple-fined-150-million-by-french.html

A China-linked hacking group, Earth Alux, is hitting key sectors in Asia-Pacific and Latin America with stealthy, advanced cyberattacks.

🛠 Tools & Tactics:
• VARGEIT: A backdoor hidden in mspaint.exe, used for spying and data theft
• COBEACON (Cobalt Strike): Initial access
• MASQLOADER: Evades security detection
• Uses 10+ covert communication channels, including Microsoft Outlook drafts

👉 Learn more: https://thehackernews.com/2025/04/china-linked-earth-alux-uses-vargeit.html

Stay alert. These attacks are live.

🔥 23,958 IPs. 10 days. One target: Palo Alto GlobalProtect.

A massive spike in login scans hints at coordinated recon—and possible exploitation ahead.

If you run GlobalProtect, this is your early warning. Audit & harden exposed portals now.

🔗 Full story: https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html

🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days—and yes, even your dusty iPhone 6s is getting a fix.

🛡️ What's at stake?
• CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox
• CVE-2025-24085 (7.3): Apps hijacking system privileges
• CVE-2025-24200 (4.6): Bypassing USB Restricted Mode—hello physical attacks

🔥 Why now? These bugs are being actively exploited in the wild.

🔗 Full list + device breakdown: https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html

🔥 Your CSRF tokens might already be leaking.

A global retailer dodged a $3.9M breach and GDPR fines up to €20M—all due to one misconfigured Facebook Pixel exposing CSRF tokens.

The kicker? This wasn’t malware. It was human error—undetectable by blockers.

Protect your site before regulators come knocking.

🔗 Learn what to fix → https://thehackernews.com/2025/04/new-case-study-global-retailer.html

🚨 Think SMS phishing is old news? Think again.

A new PhaaS platform called Lucid is hijacking iMessage & Android RCS to dodge filters and hit 169 targets in 88 countries.

💳 Goal? Steal credit cards + PII, at scale.

🔗 Learn more: https://thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html

🔥 On its 21st birthday, Google rolls out built-in end-to-end encryption for enterprise Gmail users—no extensions, no certificate swaps.

🔒 Just click, send, secure. Powered by client-side encryption.

🛠️ Admins hold the keys | Google can’t see a thing.

👉 See how it works: https://thehackernews.com/2025/04/enterprise-gmail-users-can-now-send-end.html

🔥 1,500+ PostgreSQL servers hacked for crypto mining.

A threat group tracked as JINX-0126 is exploiting publicly exposed PostgreSQL instances with weak passwords.

What’s happening:
• Malware: PG_MEM (fileless, evasive)
• Goal: Deploy XMRig miner
• Victims: Over 1,500 servers, 3 wallets, ~550 miners each

🔗 Full story: https://thehackernews.com/2025/04/over-1500-postgresql-servers.html

👀 AI is attacking AI — and it just got real.

A new worm, Morris II, is targeting AI apps + email assistants.

But here’s the key: AI can defend us too.
🛡️ Zero Trust stops spread
🔍 Smart vuln management cuts real risk
⚡ AI vs AI is the new norm

Don’t wait. AI attacks move fast.

Fight AI with AI — or fall behind 👉 https://thehackernews.com/expert-insights/2025/03/what-it-means-to-fight-ai-with-ai-using.html

🚨 A new wave of stealth malware loaders is here—modular, evasive, and cloud-integrated.

🧬 Hijack Loader: API spoofing, anti-VM, Avast evasion
💻 SHELBY: GitHub as C2—payloads & commands via commits
🧪 SmokeLoader: .NET Reactor obfuscation + 7-Zip phishing

🔗 Read the full report: https://thehackernews.com/2025/04/new-malware-loaders-use-call-stack.html

🚨 They’re back. Russian threat group FIN7 is using Anubis—a lightweight Python backdoor that grants full remote access to Windows machines without leaving detectable files.

It runs entirely in memory, evades most defenses, and can steal passwords, take screenshots, and exfiltrate data—all masked with Base64 and hosted on compromised SharePoint sites.

🔗 Full analysis: https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html

🔥 New Linux botnet ALERT!

Outlaw—a Romanian-linked group—is actively hijacking SSH servers to mine crypto via auto-spreading malware.

– Targets servers with weak SSH creds
– Uses BLITZ to self-propagate
– Installs SHELLBOT for remote control, DDoS, and data theft
– Exploits old bugs like Dirty COW (CVE-2016-5195)

🔗 Full report: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

53.5% of websites have weak SSL.

Not firewalls. Not zero-days. Just bad encryption setups.

👀 That’s how attackers walk in the front door.
SSL misconfigs = MITM attacks, eavesdropping & breaches.

🔥 Your attack surface is growing. Fix it before it spreads.

🔗 Learn more: https://thehackernews.com/2025/04/how-ssl-misconfigurations-impact-your.html

🔥 93% of service providers struggle with cybersecurity compliance.

Only 2% feel confident. That’s a problem—and an opportunity.

This guide breaks down NIST compliance into clear, doable steps for MSPs & MSSPs.

✅ Find gaps
✅ Automate tasks
✅ Build client trust
✅ Cut manual work by 70%

Start here → https://thehackernews.com/2025/04/helping-your-clients-achieve-nist.html

👀 New Google Cloud vulnerability exposed private containers—now patched.

A flaw in Google Cloud Run (ImageRunner) let attackers with limited access pull private images and inject malicious code.

Attackers could exploit this to steal secrets or run malicious containers.

🔗 Learn more: https://thehackernews.com/2025/04/google-fixed-cloud-run-vulnerability.html

🚨 Kidflix Taken Down!

The largest CSAM platform—1.8M users, 91K videos—has been dismantled in a global sting across 38 countries.

⚡ Operation Stream seized 72,000 files on March 11. Crypto. Tokens. Gamified abuse.
Real kids. Real crimes.

🔗 Read: https://thehackernews.com/2025/04/europol-dismantles-kidflix-with-72000.html

🚨 New web skimming campaign abuses old Stripe API to steal real credit cards

💳 49+ sites hit. Real Stripe screen, fake iframe. Cloned buttons.

Targets: WooCommerce, WordPress, PrestaShop.

🔎 Details → https://thehackernews.com/2025/04/legacy-stripe-api-exploited-to-validate.html

🛑 Think that cheap Android phone is a bargain? It might come loaded with Triada—a powerful malware pre-installed on counterfeit devices.

👀 2,600+ victims hit in just two weeks; and hackers stole 💰 $270K+ in crypto.

🔗 Learn more: https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html

🚨 New Google Quick Share flaw exposed.
📌 CVE-2024-10668

Attackers could crash your PC or send files to it without approval via Quick Share for Windows.

🔗 Learn more: https://thehackernews.com/2025/04/google-patches-quick-share.html