🔥 Security teams are drowning in complexity—and AI copilots aren't a future fix. They're already critical in 2025.

From instant policy answers to auto-summarizing risk reports, AI is reshaping how top teams stay ahead.

🧠 But AI isn’t magic. Humans still rule judgment.

How the smartest teams are striking the balance 👉 https://thehackernews.com/expert-insights/2025/04/supercharging-security-compliance-with.html

Microsoft’s April update patches 126 flaws—but CVE-2025-29824, already exploited in ransomware attacks, has no fix for Windows 10.

🔗 More details: https://thehackernews.com/2025/04/microsoft-patches-126-flaws-including.html

CISA demands federal agencies patch by April 29.

🚨 New Windows zero-day (CVE-2025-29824) exploited in ransomware attacks!

⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang.

Full report 👉 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

🔒 Patch ASAP if you haven't!

🚨 New CISA Alert!

Gladinet CentreStack flaw (CVE-2025-30406, CVSS 9.0) is actively exploited.

▶️ Hard-coded machineKey enables remote code execution.
▶️ Exploited as a zero-day in March 2025.

🔗 Details: https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html

Patch or rotate keys now.

⚡ New Malware Alert!

Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB — bypassing defenses and hijacking devices.

Update now | Stay alert.

Details 👉https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html

🔥 Non-human identities (NHIs) are exploding — and leaking secrets faster than ever.

In 2024:
• 23.77M secrets leaked on GitHub (+25%)
• NHIs outnumber humans 45-to-1
• 70% of leaked secrets still active
• Private repos = 8x more leaks than public
• Copilot = 40% more leaks
• Docker Hub = 100K+ valid secrets exposed

The attack surface is out of control. Secrets management must evolve—fast.

🔎 Full 2025 Report: https://thehackernews.com/2025/04/explosive-growth-of-non-human.html

🔥 AI scams just leveled up.

Lovable AI scored 1.8/10 on Guardio Labs' security test—the easiest tool for cybercrooks to build phishing sites in minutes.

👀 It auto-deploys fake Microsoft pages, steals credentials, and even sets up admin dashboards.

Learn more: https://thehackernews.com/2025/04/lovable-ai-found-most-vulnerable-to.html

🚨 AkiraBot has attacked 420,000 domains, using OpenAI’s GPT-4o-mini to flood contact forms and chats with SEO spam — even beating CAPTCHA.

🔥 Targets include Shopify, Wix, GoDaddy, and Squarespace. Nobody's safe.

Learn more: https://thehackernews.com/2025/04/akirabot-targets-420000-sites-with.html

🚨 Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft.

Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks.

🔗 Full story: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html

🔥 Gamaredon (aka Shuckworm) hit a Western military mission in Ukraine with a new, stealthier GammaSteel malware, Symantec warns.

📂 Infected USBs → Hidden shortcut traps → Live exfil via Telegram & Telegraph.

🔗 Full story: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html

🎲 53% of #DevSecOps teams are gambling with open source security.

New 2025 report from ActiveState reveals:

→ Risky workflows
→ Sluggish MTTD/MTTR
→ Traditional tools are failing fast

Ready to fix faster—without falling behind?

🔗Read now → https://thn.news/vuln-management-2025

🚨 New npm malware alert: pdf-to-office targets Atomic and Exodus wallets.

➡️ Injects malicious code to hijack crypto transfers.
➡️ Malware persists even after uninstalling.
➡️ 334+ downloads so far.

Supply chain attacks are rising.

Full report: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html

AI agents aren’t just "tools" anymore — they're your new workforce.

But behind every agent is a non-human identity (NHI) — and that's where real risks live.

🔒 Machine-speed attacks
🔒 Invisible backdoors (Shadow AI)
🔒 Cross-system breaches

Learn how to secure AI at the source ➔ https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html

CTM360 just uncovered 16,000+ malicious Android URLs tied to the evolving PlayPraetor campaign.

🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.

The threat is expanding fast.

Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html

🚨 NVIDIA’s critical security fix failed!

NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).

👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs

Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk.

Hackers can create admin accounts and fully take over vulnerable sites.

Check admin users → Remove any suspicious accounts.

👉 Full details: https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html

If you use OttoKit, update to v1.0.79 NOW.

⚡ Mobile Malware Alert — Cybersecurity researchers warn of rising threats from SpyNote, BadBazaar, and MOONSHINE malware.

➡️ SpyNote exploits fake Google Play pages to hijack Android devices — stealing data, mic, and camera access.

➡️ BadBazaar and MOONSHINE target Tibetan, Uyghur, and Taiwanese communities — tied to Chinese APT groups.

🔗 Full report: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html

🚨 23,958 IPs. 5 countries. 1 target.

Palo Alto Networks' GlobalProtect portals are under coordinated brute-force login attacks—no vulnerability yet, but the threat is real.

Urgent:
✅ Update PAN-OS
✅ Enforce MFA
✅ Harden your portals

🔗 Full story: https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html

🔥 Cyberattacks are scaling like startups — thanks to Initial Access Brokers (IABs).

🔹 In 2024, 58% of hacked access sells for under $1K.
🔹 Target sectors are widening — no one’s safe.
🔹 USA, Brazil, France top the hit list.

Cheaper access = faster, wider cyberattacks.

Details + defense tips 👉 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html

🚨 Paper Werewolf (aka GOFFEE) is hitting Russian government, energy, and media sectors with a stealthy new weapon → PowerModul.

It hijacks systems via fake Word/PDF files → deploys PowerShell malware → pivots with Mythic agents.

Read: https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html

⚡ Even patching won't save you.

Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN.

Full details 👉 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html