⚡ New Malware Alert!

Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB — bypassing defenses and hijacking devices.

Update now | Stay alert.

Details 👉https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html

🔥 Non-human identities (NHIs) are exploding — and leaking secrets faster than ever.

In 2024:
• 23.77M secrets leaked on GitHub (+25%)
• NHIs outnumber humans 45-to-1
• 70% of leaked secrets still active
• Private repos = 8x more leaks than public
• Copilot = 40% more leaks
• Docker Hub = 100K+ valid secrets exposed

The attack surface is out of control. Secrets management must evolve—fast.

🔎 Full 2025 Report: https://thehackernews.com/2025/04/explosive-growth-of-non-human.html

🔥 AI scams just leveled up.

Lovable AI scored 1.8/10 on Guardio Labs' security test—the easiest tool for cybercrooks to build phishing sites in minutes.

👀 It auto-deploys fake Microsoft pages, steals credentials, and even sets up admin dashboards.

Learn more: https://thehackernews.com/2025/04/lovable-ai-found-most-vulnerable-to.html

🚨 AkiraBot has attacked 420,000 domains, using OpenAI’s GPT-4o-mini to flood contact forms and chats with SEO spam — even beating CAPTCHA.

🔥 Targets include Shopify, Wix, GoDaddy, and Squarespace. Nobody's safe.

Learn more: https://thehackernews.com/2025/04/akirabot-targets-420000-sites-with.html

🚨 Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft.

Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks.

🔗 Full story: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html

🔥 Gamaredon (aka Shuckworm) hit a Western military mission in Ukraine with a new, stealthier GammaSteel malware, Symantec warns.

📂 Infected USBs → Hidden shortcut traps → Live exfil via Telegram & Telegraph.

🔗 Full story: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html

🎲 53% of #DevSecOps teams are gambling with open source security.

New 2025 report from ActiveState reveals:

→ Risky workflows
→ Sluggish MTTD/MTTR
→ Traditional tools are failing fast

Ready to fix faster—without falling behind?

🔗Read now → https://thn.news/vuln-management-2025

🚨 New npm malware alert: pdf-to-office targets Atomic and Exodus wallets.

➡️ Injects malicious code to hijack crypto transfers.
➡️ Malware persists even after uninstalling.
➡️ 334+ downloads so far.

Supply chain attacks are rising.

Full report: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html

AI agents aren’t just "tools" anymore — they're your new workforce.

But behind every agent is a non-human identity (NHI) — and that's where real risks live.

🔒 Machine-speed attacks
🔒 Invisible backdoors (Shadow AI)
🔒 Cross-system breaches

Learn how to secure AI at the source ➔ https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html

CTM360 just uncovered 16,000+ malicious Android URLs tied to the evolving PlayPraetor campaign.

🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.

The threat is expanding fast.

Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html

🚨 NVIDIA’s critical security fix failed!

NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).

👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs

Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk.

Hackers can create admin accounts and fully take over vulnerable sites.

Check admin users → Remove any suspicious accounts.

👉 Full details: https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html

If you use OttoKit, update to v1.0.79 NOW.

⚡ Mobile Malware Alert — Cybersecurity researchers warn of rising threats from SpyNote, BadBazaar, and MOONSHINE malware.

➡️ SpyNote exploits fake Google Play pages to hijack Android devices — stealing data, mic, and camera access.

➡️ BadBazaar and MOONSHINE target Tibetan, Uyghur, and Taiwanese communities — tied to Chinese APT groups.

🔗 Full report: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html

🚨 23,958 IPs. 5 countries. 1 target.

Palo Alto Networks' GlobalProtect portals are under coordinated brute-force login attacks—no vulnerability yet, but the threat is real.

Urgent:
✅ Update PAN-OS
✅ Enforce MFA
✅ Harden your portals

🔗 Full story: https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html

🔥 Cyberattacks are scaling like startups — thanks to Initial Access Brokers (IABs).

🔹 In 2024, 58% of hacked access sells for under $1K.
🔹 Target sectors are widening — no one’s safe.
🔹 USA, Brazil, France top the hit list.

Cheaper access = faster, wider cyberattacks.

Details + defense tips 👉 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html

🚨 Paper Werewolf (aka GOFFEE) is hitting Russian government, energy, and media sectors with a stealthy new weapon → PowerModul.

It hijacks systems via fake Word/PDF files → deploys PowerShell malware → pivots with Mythic agents.

Read: https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html

⚡ Even patching won't save you.

Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN.

Full details 👉 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

🚨 New cyber threat alert!

Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.

They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux.

Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

AI is already rewriting cybersecurity—and most defenders are unprepared.

Hackers are using AI to automate attacks in minutes, while security teams still react manually.

The new arms race isn’t humans vs. humans.

It’s AI vs. AI.

Learn more → https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html

🔥 Defenses can fail. Trusted tools can turn.

This week's newsletter covers how breaches happen before you even know they're possible.

⚡ Read and prepare → https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html

🚨 Precision-targeted attacks are validating emails in real-time before stealing credentials.

🔍 Only verified, high-value accounts see fake login screens. No email? You’re redirected to Wikipedia to dodge detection.

Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html