The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
🔐🌍 UPDATE — CISA extends funding to prevent a shutdown of the CVE Program.

A new CVE Foundation is also launched to ensure global, independent oversight—just as ENISA rolls out the EU Vulnerability Database.

Read: https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html#update-cisa-extends-cve-program-contract-amid-funding-crisis
🔥 One task away from total takeover?

4 local privilege escalation flaws found in schtasks.exe—a core part of Windows Task Scheduler.

Attackers can:
• Bypass UAC
• Run SYSTEM-level commands
• Erase security logs
• Impersonate admins using known passwords.

Fix not yet available.

🔗 Full story → https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html
🚨 Targeted iPhone attacks in the wild.

Apple just patched 2 new zero-days—bringing 2025’s total to 5 actively exploited flaws.

→ One lets hackers run code via malicious audio files
→ Another bypasses Pointer Authentication using memory tricks

🔗 Details here: https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html

Update now: iOS 18.4.1, macOS Sequoia 15.4.1, tvOS, visionOS
🚨 Actively Exploited SonicWall Flaw Hits CISA’s KEV List.

Remote attackers can execute code via SMA 100 Series bug (CVE-2021-20035, CVSS 7.2).

➡️ Injects OS commands as ‘nobody’ user
➡️ Impacts SMA 200–500v on outdated firmware
➡️ FCEB agencies must patch by May 7, 2025

Your VPN gateway could be the backdoor. Patch it.

Learn more: https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html
🚨 Microsoft Alert: Node.js-Powered Malware Campaign Ongoing...

Since Oct 2024, fake Binance & TradingView installers have been used to deploy malware via Node.js and PowerShell.

Linked threats include ClickFix tricks, SectopRAT malware, fake PDF tools, and HR-themed phishing kits.

Learn more: https://thehackernews.com/2025/04/nodejs-malware-campaign-targets-crypto.html
🚨 CVSS 10.0 ALERT: Remote Code Execution in Erlang/OTP SSH (CVE-2025-32433)

No auth. Full control. Widespread impact.

Used in Cisco, Ericsson, OT/IoT, and edge systems, this bug lets attackers run code without logging in.

If SSH runs as root? Game over. 👀

🔗 Full details → https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html

🔥 Fix now → OTP-27.3.3 / 26.2.5.11 / 25.3.2.20. Block SSH ports as temp fix.
🔥 Blockchain won’t kill passwords yet—but it may change how we authenticate.

Decentralized IDs + cryptographic keys = fewer breaches, no central targets.

Used in finance (KYC) & healthcare (patient data), it’s real—and growing.

But until blockchain scales, passwords stay. Just make them strong.

➡️ Learn more: https://thehackernews.com/2025/04/blockchain-offers-security-benefits-but.html
🚨 Copy. Paste. Get hacked.

North Korea, Iran & Russia are now pushing ClickFix—a sneaky trick that fools users into running malware on their own devices.

Learn more → https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html
🚨 AI isn’t just coding faster—it’s rewriting the rulebook.

LLMs have entered the threat landscape. From spear-phishing and voice fraud to malware with OCR, attackers are now using AI to scale, blend, and evolve.

Defenders use AI too—but GenAI interfaces expose a new attack surface.

🔗 Full deep dive in Security Navigator 2025: https://thehackernews.com/2025/04/artificial-intelligence-whats-all-fuss.html
🚨 China-backed hackers are deploying TONESHELL v3, StarProxy, and stealth tools like SplatCloak to breach Myanmar targets—dodging EDR, logging keystrokes, and hopping across networks with FakeTLS tricks.

• 3 TONESHELL variants
• 2 new keyloggers (PAKLOG, CorKLOG)
• StarProxy – a lateral movement proxy over FakeTLS
• SplatCloak – a Windows kernel-level EDR evasion driver

Details here 👉 https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html
🚨 New NTLM flaw (CVE-2025-24054) is being actively exploited to steal Windows credentials—just by downloading a file. No clicks, no execution needed.

This "low-interaction" bug leaks NTLMv2 hashes via SMB—perfect for pass-the-hash attacks.

🔗 Details here: https://thehackernews.com/2025/04/cve-2025-24054-under-active.html
🚨 New XorDDoS Variant Targets U.S. Servers!

The malware is now hijacking Docker and Linux systems via SSH brute-force attacks.

A new “VIP” controller spotted in 2024 suggests it’s being sold as a service, expanding botnet operations.

Full story → https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
AI is already in your SaaS. The real question: Do you know where—or how risky it is?

Employees are using ChatGPT, bots, and AI tools without security oversight. Shadow AI is real—and your old playbook won’t catch it.

🔥 WEBINAR — Join AI security expert and learn:
📌 Real breach cases
⚙️ Detection strategies that actually work
🚨 What to do before your next silent breach

Join the webinar → https://thehackernews.com/2025/04/webinar-ai-is-already-inside-your-saas.html
👀 Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code.

One phishing email = 3 malware strains:
• Agent Tesla
• Remcos RAT
• XLoader

🔐 Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote access, and evasion built-in.

➡️ See the full analysis: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html
⚠️ Alert: Fake E-ZPass Texts Target Drivers in 8 U.S. States

A widespread smishing scam is tricking drivers into fake toll payments to steal card info.

🔹 Linked to China-based Smishing Triad
🔹 Phishing kits sold by CS student Wang Duo Yu
🔹 Used in 121+ countries

🔗 Full story: https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html

📵 Avoid clicking toll links in texts.
🚨 Critical ASUS Router Flaw Exposed
9.2 CVSS | Remote Hijack Risk

A new bug—CVE-2025-2492—lets attackers remotely execute functions on ASUS routers with AiCloud enabled.

🔗 Details: https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
🚨 Malware Alert for Developers!

3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data.

They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux systems. Removal ≠ protection—SSH keys stay behind.

Learn more: https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html
🚨 Russia’s APT29 hits EU diplomats with new malware disguised as wine-tasting invites.

🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access

🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
🚨 Surge in cyberattacks tied to Russian bulletproof host Proton66 since Jan 8, 2025.

New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.

Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.

Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.

🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
⚠️ Hold your phone near your card... and they drain your bank account.

A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.

👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.