🚨 AkiraBot has attacked 420,000 domains, using OpenAI’s GPT-4o-mini to flood contact forms and chats with SEO spam — even beating CAPTCHA.

🔥 Targets include Shopify, Wix, GoDaddy, and Squarespace. Nobody's safe.

Learn more: https://thehackernews.com/2025/04/akirabot-targets-420000-sites-with.html

🚨 Europol's Operation Endgame just busted 5+ SmokeLoader customers linked to ransomware, spyware, and crypto theft.

Meanwhile, new malware loaders like ModiLoader, GootLoader, and FakeUpdates are hitting users with phishing, fake installs, and drive-by attacks.

🔗 Full story: https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html

🔥 Gamaredon (aka Shuckworm) hit a Western military mission in Ukraine with a new, stealthier GammaSteel malware, Symantec warns.

📂 Infected USBs → Hidden shortcut traps → Live exfil via Telegram & Telegraph.

🔗 Full story: https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html

🎲 53% of #DevSecOps teams are gambling with open source security.

New 2025 report from ActiveState reveals:

→ Risky workflows
→ Sluggish MTTD/MTTR
→ Traditional tools are failing fast

Ready to fix faster—without falling behind?

🔗Read now → https://thn.news/vuln-management-2025

🚨 New npm malware alert: pdf-to-office targets Atomic and Exodus wallets.

➡️ Injects malicious code to hijack crypto transfers.
➡️ Malware persists even after uninstalling.
➡️ 334+ downloads so far.

Supply chain attacks are rising.

Full report: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html

AI agents aren’t just "tools" anymore — they're your new workforce.

But behind every agent is a non-human identity (NHI) — and that's where real risks live.

🔒 Machine-speed attacks
🔒 Invisible backdoors (Shadow AI)
🔒 Cross-system breaches

Learn how to secure AI at the source ➔ https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html

CTM360 just uncovered 16,000+ malicious Android URLs tied to the evolving PlayPraetor campaign.

🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.

The threat is expanding fast.

Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html

🚨 NVIDIA’s critical security fix failed!

NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).

👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs

Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk.

Hackers can create admin accounts and fully take over vulnerable sites.

Check admin users → Remove any suspicious accounts.

👉 Full details: https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html

If you use OttoKit, update to v1.0.79 NOW.

⚡ Mobile Malware Alert — Cybersecurity researchers warn of rising threats from SpyNote, BadBazaar, and MOONSHINE malware.

➡️ SpyNote exploits fake Google Play pages to hijack Android devices — stealing data, mic, and camera access.

➡️ BadBazaar and MOONSHINE target Tibetan, Uyghur, and Taiwanese communities — tied to Chinese APT groups.

🔗 Full report: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html

🚨 23,958 IPs. 5 countries. 1 target.

Palo Alto Networks' GlobalProtect portals are under coordinated brute-force login attacks—no vulnerability yet, but the threat is real.

Urgent:
✅ Update PAN-OS
✅ Enforce MFA
✅ Harden your portals

🔗 Full story: https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html

🔥 Cyberattacks are scaling like startups — thanks to Initial Access Brokers (IABs).

🔹 In 2024, 58% of hacked access sells for under $1K.
🔹 Target sectors are widening — no one’s safe.
🔹 USA, Brazil, France top the hit list.

Cheaper access = faster, wider cyberattacks.

Details + defense tips 👉 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html

🚨 Paper Werewolf (aka GOFFEE) is hitting Russian government, energy, and media sectors with a stealthy new weapon → PowerModul.

It hijacks systems via fake Word/PDF files → deploys PowerShell malware → pivots with Mythic agents.

Read: https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html

⚡ Even patching won't save you.

Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN.

Full details 👉 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

🚨 New cyber threat alert!

Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.

They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux.

Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

AI is already rewriting cybersecurity—and most defenders are unprepared.

Hackers are using AI to automate attacks in minutes, while security teams still react manually.

The new arms race isn’t humans vs. humans.

It’s AI vs. AI.

Learn more → https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html

🔥 Defenses can fail. Trusted tools can turn.

This week's newsletter covers how breaches happen before you even know they're possible.

⚡ Read and prepare → https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html

🚨 Precision-targeted attacks are validating emails in real-time before stealing credentials.

🔍 Only verified, high-value accounts see fake login screens. No email? You’re redirected to Wikipedia to dodge detection.

Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html

🚨 Threat ALERT: ResolverRAT is hitting healthcare and pharma sectors hard — phishing, fear-bait, stealth attacks.

🛡️ Sophisticated multi-stage RAT
🌐 Localized lures: Hindi, Italian, Turkish + more
🕵️‍♂️ Advanced evasion: encryption, IP rotation, memory-only payload

🔗 Read: https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html

🔥 Meta’s AI is coming for your public posts — but you can still opt out.

Starting this week, Meta is using public EU content from Facebook, Instagram & more (comments, posts, AI chats — not DMs).

Regulators approved it after a 1-year pause. Opt-out links are rolling out. Check your app or email.

👉 Act now → https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html

🚨 Alert — A 9.0 CVSS flaw in Gladinet’s CentreStack also affects Triofox—both used for remote access.

Attackers exploited it as a zero-day in March, hitting 7 orgs by April 11.

🔑 Root cause: Hardcoded crypto keys → enabled RCE via PowerShell + DLL sideloading

🔗 Read: https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html