Sophisticated phishing attacks are now routinely bypassing MFA, SSO, and multiple security layers across email, network, and endpoints.

Join the latest webinar from Push Security to learn why phishing attacks are more attractive than ever for attackers in 2025 — and what you can do to stop it.

Register here 👉 https://thn.news/phishing-webinar-it

⚠️ UNC5174 (aka Uteus), tied to China, is quietly breaching Linux & macOS systems using SNOWLIGHT malware + a fake Cloudflare app (VShell).

🔍 Targets: 20+ nations | Sectors: Gov, finance, defense
🛠 Tactics: Open-source tools, fileless payloads, fake authenticator apps
👀 Risk: Remote control, in-memory attacks, hard-to-trace

🔗 Full details: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html

"Your firewall won’t save you."

Hackers are using ChatGPT to craft phishing lures & scan attack surfaces.

Meanwhile, most orgs still cling to VPNs & 30-year-old security models.

🔥 Zero Trust + AI isn’t hype — it’s survival.

Don’t fall behind: https://thehackernews.com/expert-insights/2025/04/rethinking-cyber-defense-with-zero.html

🛑 CRITICAL ALERT → U.S. funding for MITRE’s CVE vulnerability database program ends Wednesday.

MITRE warns: no funding = no new CVEs, degraded threat advisories, and slower incident response.

🛠️ CVEs power security tools, alerts, and patching across critical infrastructure.

🔍 Without it, defenders lose a key part of their playbook.

🔗 Full story → https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html

🚨 New Android Phones, Pre-Loaded with Malware?!

Since June 2024, cheap Androids from Chinese brands like SHOWJI come with trojanized WhatsApp/Telegram apps out of the box.

📱 Fake models: “S24 Ultra”, “Note 13 Pro”, etc.
💸 Malware replaces your crypto wallet address in chats
🧠 Scans your images for mnemonic phrases
💰 Hackers netted $1.6M+ via 40+ infected apps & 60+ C2 servers

🔗 Check the list & protect your crypto → https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html

🚨 BPFDoor is back—with a stealthy new controller in play.

A fresh wave of BPFDoor attacks has hit telecom, finance & retail sectors in 🇰🇷🇲🇾🇭🇰🇲🇲🇪🇬 — using a stealth controller that opens reverse shells & moves laterally inside Linux networks.

🔗 Read → https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html

⚠️ Why hack in… when you can just log in?

80% of breaches stem from SaaS identity misconfigurations.

One compromised account can trigger a chain: Entra ID takeover → GitHub exfiltration → Slack leaks

Wing Security gives full SaaS visibility—no agents, no blind spots.

✅ Identity & app mapping
✅ Real-time threat detection
✅ Full attack timeline

🔍 See how it works: https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html

⚠️ Hackers are abusing AI tool Gamma to craft fake presentations that lead you to spoofed Microsoft SharePoint logins—and even fake CAPTCHA pages to dodge security scans.

🔗Details: https://thehackernews.com/2025/04/ai-powered-gamma-used-to-host-microsoft.html

🚨 Supply chain cyberattacks are exploding — and hitting where it hurts most: healthcare, retail, energy.

🦠 One breach = millions exposed.

The risk? Vendors are the backdoor. Hackers are walking right in.

Learn what’s driving this wave and how to stay ahead: https://thehackernews.com/2025/04/from-third-party-vendors-to-us-tariffs.html

👇 Google blocked 5.1B bad ads and banned 39.2M advertiser accounts in 2024.

AI flagged scams, deepfakes, and fraud at scale—700K accounts suspended for impersonating public figures alone.

🔒 5.1B bad ads blocked
🔍 9.1B restricted
🚫 1.3B pages hit
👤 5M+ scam accounts suspended
🤖 AI flagged 700K deepfake scams

🔗 Full story: https://thehackernews.com/2025/04/google-blocked-51b-harmful-ads-and.html

Over 50% of vulnerabilities are exploited within 7 days of discovery.

Learn how to reduce MTTR and secure your apps with insights from ActiveState's 2025 State of Vulnerability Management & Remediation Report.

🛡️ Stay ahead of threats—download now! https://thn.news/vulnerability-management-2025

#DevSecOps #OpenSource

🔐🌍 UPDATE — CISA extends funding to prevent a shutdown of the CVE Program.

A new CVE Foundation is also launched to ensure global, independent oversight—just as ENISA rolls out the EU Vulnerability Database.

Read: https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html#update-cisa-extends-cve-program-contract-amid-funding-crisis

🔥 One task away from total takeover?

4 local privilege escalation flaws found in schtasks.exe—a core part of Windows Task Scheduler.

Attackers can:
• Bypass UAC
• Run SYSTEM-level commands
• Erase security logs
• Impersonate admins using known passwords.

Fix not yet available.

🔗 Full story → https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html

🚨 Targeted iPhone attacks in the wild.

Apple just patched 2 new zero-days—bringing 2025’s total to 5 actively exploited flaws.

→ One lets hackers run code via malicious audio files
→ Another bypasses Pointer Authentication using memory tricks

🔗 Details here: https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html

Update now: iOS 18.4.1, macOS Sequoia 15.4.1, tvOS, visionOS

🚨 Actively Exploited SonicWall Flaw Hits CISA’s KEV List.

Remote attackers can execute code via SMA 100 Series bug (CVE-2021-20035, CVSS 7.2).

➡️ Injects OS commands as ‘nobody’ user
➡️ Impacts SMA 200–500v on outdated firmware
➡️ FCEB agencies must patch by May 7, 2025

Your VPN gateway could be the backdoor. Patch it

Learn more: https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html

🚨 Microsoft Alert: Node.js-Powered Malware Campaign Ongoing...

Since Oct 2024, fake Binance & TradingView installers have been used to deploy malware via Node.js and PowerShell.

Linked threats include ClickFix tricks, SectopRAT malware, fake PDF tools, and HR-themed phishing kits.

Learn more: https://thehackernews.com/2025/04/nodejs-malware-campaign-targets-crypto.html

🚨 CVSS 10.0 ALERT: Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433)

No auth. Full control. Widespread impact.

Used in Cisco, Ericsson, OT/IoT, and edge systems, this bug lets attackers run code without logging in.

If SSH runs as root? Game over. 👀

🔗 Full details → https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html

🔥 Fix now → OTP-27.3.3 / 26.2.5.11 / 25.3.2.20 Block SSH ports as temp fix.

🔥 Blockchain won’t kill passwords yet—but it may change how we authenticate.

Decentralized IDs + cryptographic keys = fewer breaches, no central targets.

Used in finance (KYC) & healthcare (patient data), it’s real—and growing.

But until blockchain scales, passwords stay. Just make them strong.

➡️ Learn more: https://thehackernews.com/2025/04/blockchain-offers-security-benefits-but.html

🚨 Copy. Paste. Get hacked.

North Korea, Iran & Russia are now pushing ClickFix—a sneaky trick that fools users into running malware on their own devices.

Learn more → https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html

🚨 AI isn’t just coding faster—it’s rewriting the rulebook.

LLMs have entered the threat landscape. From spear-phishing and voice fraud to malware with OCR, attackers are now using AI to scale, blend, and evolve.

Defenders use AI too—but GenAI interfaces expose a new attack surface.

🔗 Full deep dive in Security Navigator 2025: https://thehackernews.com/2025/04/artificial-intelligence-whats-all-fuss.html

🚨 China-backed hackers are deploying TONESHELL v3, StarProxy, and stealth tools like SplatCloak to breach Myanmar targets—dodging EDR, logging keystrokes, and hopping across networks with FakeTLS tricks.

• 3 TONESHELL variants
• 2 new keyloggers (PAKLOG, CorKLOG)
• StarProxy – a lateral movement proxy over FakeTLS
• SplatCloak – a Windows kernel-level EDR evasion driver

Details here 👉 https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html