👀 Microsoft Credits EncryptHub — the Hacker Behind 618+ Breaches — for Disclosing Windows Flaws. 👀

In March 2025, EncryptHub reported 2 critical bugs (CVE-2025-24061 & CVE-2025-24071).

Weeks later, he exploited a zero-day (CVE-2025-26633), hitting hundreds of targets using ChatGPT-built malware.

🔗 Full story: https://thehackernews.com/2025/04/microsoft-credits-encrypthub-hacker.html

🚨 PoisonSeed ALERT: Hackers are hijacking CRM platforms like Mailchimp, SendGrid, Hubspot to steal crypto wallets — by sending fake seed phrases in mass spam attacks.

Once inside? They create API keys for stealthy, long-term control — even if passwords are reset.

Learn more ➔ https://thehackernews.com/2025/04/poisonseed-exploits-crm-accounts-to.html

🔎 Vanity metrics ≠ security

Fortune 500s still chase patch counts and scan rates—but real threats slip through.

Real security = measuring impact, not activity.

Gartner predicts CTEM will cut breaches by 66% by 2026.

👉 Learn more: https://thehackernews.com/2025/04/security-theater-vanity-metrics-keep.html

⚡ Threats are moving faster than patches.

This week in THN: VPN exploits, supply chain hacks, insider threats, fake job scams, and malware-laced phones.

Stay ahead — full recap here ➡️ https://thehackernews.com/2025/04/weekly-recap-vpn-exploits-oracles.html

🚨 ALERT: Fast Flux networks are back—and more dangerous than ever.

CISA, NSA, FBI + allies (🇦🇺🇨🇦🇳🇿) warn: hackers like Gamaredon & Raspberry Robin are rapidly rotating domains to evade takedowns and launch malware attacks.

Block, filter, sinkhole, monitor — or risk exposure.

🔗 Read the full advisory: https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html

🔥 Google patches 62 security flaws — but 2 were already exploited in the wild.

One (CVE-2024-53197) helped hackers break into a Serbian activist’s phone in Dec 2024.

👀 Zero user interaction. Remote takeover.

Full story → https://thehackernews.com/2025/04/google-releases-android-update-to-patch.html

CrushFTP flaw (CVE-2025-31161, CVSS 9.8) is being actively exploited.

Full system takeover via authentication bypass (no login needed)

—First attacks seen March 30
—815 vulnerable servers
— Targets: marketing, retail, semiconductor sectors
— Malware used: MeshAgent, Telegram bots

FCEB agencies must patch by April 28. Exploit guide is public. Attackers are moving fast.

🔗 See details: https://thehackernews.com/2025/04/cisa-adds-crushftp-vulnerability-to-kev.html

👀 AI is coding faster—but leaking secrets faster too.

New GitGuardian data (2025):
🔹 Copilot repos leak secrets 40% more often.
🔹 6.4% exposed credentials — 1,200+ cases.

As AI builds, non-human identities are exploding—and attackers are watching.

CISOs must rethink security NOW.

Learn why ➔ https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html

🚨 CERT-UA warns: Military, police, and local governments are targeted by phishing emails dropping two new threats:

🛠️ GIFTEDCROOK stealer (C/C++, browser data theft)
⚡ Reverse shell via PowerShell scripts from "PSSW100AVB" GitHub repo

Tools: PyRDP, RemoteApps — silent file theft, clipboard hijack.

👉 Full details: https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html

Security teams aren't drowning in threats. They're drowning in alerts.

👀 Most "AI copilots" just sit there, waiting for instructions. Meanwhile, real attacks slip through.

⚡ Agentic AI flips the script:
→ Investigates autonomously
→ Prioritizes real risk
→ Cuts analyst burnout

The future is autonomous. See why → https://thehackernews.com/2025/04/agentic-ai-in-soc-dawn-of-autonomous.html

🚨 Hackers are abusing SourceForge to spread crypto miners & clipper malware disguised as Microsoft Office downloads.

➡️ 4,600+ users hit (Jan–Mar 2025)
➡️ 90% victims = Russian speakers
➡️ Attack chain uses Telegram API, fake URLs & Google Ads

🔗 Read: https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html

🚨 Hackers could have owned your AWS servers—easily.

A flaw in Amazon’s SSM Agent let attackers write scripts with root access by gaming plugin IDs (../).

If you haven’t updated—you're still at risk.

👀 Read more: https://thehackernews.com/2025/04/amazon-ec2-ssm-agent-flaw-patched-after.html

🚨 Critical alert for Fortinet users! A 9.3 CVSS flaw (CVE-2024-48887) in FortiSwitch lets hackers remotely change admin passwords — no login needed.

🔧 Fix it: Upgrade ASAP (7.6.1+, 7.4.5+, 7.2.9+, 7.0.11+, 6.4.15+)

⚡ No exploits yet—but Fortinet bugs have been weaponized before.

👉 Full details: https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html

🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion—11 rated Critical.

⚡ Top threats: arbitrary code execution, file system read, security bypass.

CVE-2025-24446 | CVSS 9.1
CVE-2025-24447 | CVSS 9.1
CVE-2025-30281 | CVSS 9.1
(and more)

No active exploits yet—but don’t wait.

🔗 Update now or risk being the next headline: https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html

🔥 Security teams are drowning in complexity—and AI copilots aren't a future fix. They're already critical in 2025.

From instant policy answers to auto-summarizing risk reports, AI is reshaping how top teams stay ahead.

🧠 But AI isn’t magic. Humans still rule judgment.

How the smartest teams are striking the balance 👉 https://thehackernews.com/expert-insights/2025/04/supercharging-security-compliance-with.html

Microsoft’s April update patches 126 flaws—but CVE-2025-29824, already exploited in ransomware attacks, has no fix for Windows 10.

🔗 More details: https://thehackernews.com/2025/04/microsoft-patches-126-flaws-including.html

CISA demands federal agencies patch by April 29.

🚨 New Windows zero-day (CVE-2025-29824) exploited in ransomware attacks!

⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang.

Full report 👉 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

🔒 Patch ASAP if you haven't!

🚨 New CISA Alert!

Gladinet CentreStack flaw (CVE-2025-30406, CVSS 9.0) is actively exploited.

▶️ Hard-coded machineKey enables remote code execution.
▶️ Exploited as a zero-day in March 2025.

🔗 Details: https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html

Patch or rotate keys now.

⚡ New Malware Alert!

Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB — bypassing defenses and hijacking devices.

Update now | Stay alert.

Details 👉https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html

🔥 Non-human identities (NHIs) are exploding — and leaking secrets faster than ever.

In 2024:
• 23.77M secrets leaked on GitHub (+25%)
• NHIs outnumber humans 45-to-1
• 70% of leaked secrets still active
• Private repos = 8x more leaks than public
• Copilot = 40% more leaks
• Docker Hub = 100K+ valid secrets exposed

The attack surface is out of control. Secrets management must evolve—fast.

🔎 Full 2025 Report: https://thehackernews.com/2025/04/explosive-growth-of-non-human.html

🔥 AI scams just leveled up.

Lovable AI scored 1.8/10 on Guardio Labs' security test—the easiest tool for cybercrooks to build phishing sites in minutes.

👀 It auto-deploys fake Microsoft pages, steals credentials, and even sets up admin dashboards.

Learn more: https://thehackernews.com/2025/04/lovable-ai-found-most-vulnerable-to.html