🛑 New Malware Targets Docker — but it’s not about crypto mining anymore.

Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals.

🔹 325+ downloads from Docker Hub

Read more ➝ https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html

🔥 Google pulls the plug on third-party cookie prompts in Chrome.

No more new pop-ups — just Incognito upgrades & IP protection by Q3 2025.

While Firefox & Safari banned 3rd-party cookies in 2020, Google stalls—caught between privacy & profit.

Read — https://thehackernews.com/2025/04/google-drops-cookie-prompt-in-chrome.html

🚨 Crypto Devs, Watch Out!

Ripple's xrpl.js library was backdoored to steal private keys! Over 2.9M downloads, 135K devs at risk.

🗓️ Malicious versions: 4.2.1–4.2.4, 2.14.2
🛡️ Safe versions: 4.2.5, 2.14.3
👤 Hacker hijacked a Ripple dev's npm account on April 21, 2025.

🔗 Learn more: https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html

🚨 New Tactics from Russian Hackers!

Since March 2025, Russian threat groups UTA0352 & UTA0355 are targeting Ukraine-linked orgs via Microsoft 365 OAuth abuse.

No fake sites—just official Microsoft URLs, real Signal/WhatsApp invites, and compromised Ukrainian Gov accounts.

🔗 Learn more: https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html

👀 Phishing isn't just an email problem anymore!

2025's #1 breach method? Identity attacks — phishing + stolen creds now top software exploits. MFA? Often bypassed. Detection? Too slow.

Real-time browser-based defense is the future. Stop attacks before passwords are stolen.

Learn more: https://thehackernews.com/2025/04/three-reasons-why-browser-is-best-for.html

⚠️ Target: Russian Military!

Android.Spy.1292.origin spyware steals data via fake Alpine Quest apps.

— Spread via fake Telegram & Rus. app stores
— Steals loc., contacts, files
— Sends data to Telegram bot, runs hidden malware

Doctor Web says it mimics Alpine Quest Pro, widely used in military zones.

Read: https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html

👀 Kaspersky found a Windows backdoor in fake ViPNet updates targeting Russian government, finance, and industry.

💼 Dream Job? Or Cyber Trap?

Iranian hackers UNC2428 lured Israelis with fake jobs at defense giant Rafael. Victims downloaded “RafaelConnect.exe” — a trap that secretly installed the MURKYTOUR backdoor, giving attackers full access.

Read now → https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html

DPRK hackers are inside Web3—stealing crypto to fund WMDs.

In 2023, $137M stolen in 1 day via phishing. In 2024, they used deepfakes to win real jobs & extort firms. 12 fake identities at one US firm alone.

Learn more: https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html

🔒 WhatsApp rolls out Advanced Chat Privacy!

🔸 Blocks chat exports, auto-downloads, & AI use in sensitive convos.
🔸 Still allows screenshots & manual media saves.
🔸 Available now for all users on the latest update.

Update to try it 👉 https://thehackernews.com/2025/04/whatsapp-adds-advanced-chat-privacy-to.html

🔥 Critical Exploit Alert!

A 9.0 CVSS flaw in Commvault Command Center lets hackers run code without logging in.

🎯 Targets versions 11.38.0–11.38.19
💥 Pre-auth SSRF → Remote Code Execution

Learn more about CVE-2025-34028 here: https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.html

👀 133M patient records breached in 2024. Now, hackers target devices that save lives—not just data.

Zero Trust is mandatory. New HIPAA rules demand it.

Main Line Health secured their network with Armis + Elisity—in hours, not months.

🔒 See how microsegmentation protects both patients & systems: https://thehackernews.com/2025/04/automating-zero-trust-in-healthcare.html

🚨 New Threat Alert: Phishing just got an AI upgrade.

Darcula PhaaS now uses GenAI to help anyone build phishing sites in minutes — no tech skills needed. Smishing attacks just leveled up.

Learn more: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

👀 New Linux Rootkit Exploits io_uring, Evades Detection

ARMO’s Curing rootkit uses io_uring to bypass system call monitoring—Falco, Tetragon, and even Microsoft Defender can’t see it.

Attackers can run commands without triggering system calls.

Read → https://thehackernews.com/2025/04/linux-iouring-poc-rootkit-bypasses.html

⚠️ 159 Bugs Exploited in 90 Days!

1 in 4 breaches now starts with a CVE exploit. In Q1 2025, 159 flaws hit in the wild—28% within 24 hours of disclosure.

Top targets: CMSes, edge devices, Windows.

🔗 Learn more: https://thehackernews.com/2025/04/159-cves-exploited-in-q1-2025-283.html

⚡ Lazarus Group strikes South Korea—again.

6 major industries breached via watering hole attacks + zero-days in Cross EX & Innorix Agent.
Malware used: ThreatNeedle & more.

👀 Supply chains are the target.

Learn more 👉 https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html

The ActiveState team is heading to RSA 2025, and we’re kicking things off with a Zero-Vulnerability Happy Hour! 🍻

📅 When: Tuesday, April 29th @ 6:00 PM
📍 Where: Local Tap SF

Join us for great drinks, meaningful conversations, and networking with DevSecOps leaders. Let’s talk open source security, vulnerability management, and the future of secure software supply chains.

Spaces are limited—secure your spot today! 👉 https://thn.news/zero-vulnerability-rsa-happy-hour

#RSAC2025 #DevSecOps #OpenSource #CyberSecurity #ZeroVulnerability

🚨 New Ivanti ICS Attacks Detected!

DslogdRAT malware used in real-world attacks after hackers exploited CVE-2025-0282 (zero-day).

First hit Japan 🇯🇵 in Dec 2024 — now global scanning surges 9X in 24 hrs.

🔹 270+ IPs scanning Ivanti
🔹 255 confirmed malicious
🔹 Top targets: US, Germany, Netherlands

Details: https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html

👀 Hackers could be one path away from your sensitive files!

🚨 New CVEs expose major flaws in Rack & Infodraw systems:

🔹 CVE-2025-27610 lets attackers read config files & credentials via path traversal.

🔹 Infodraw CVE-2025-43928 allows any file to be read or deleted—no login needed.

Learn more: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html

🔥 Exploits are trivial & patches missing. Systems in Belgium & Luxembourg already hit. Update now or go offline!

🛑 Critical SAP Exploit Alert!

Hackers are abusing a flaw in SAP NetWeaver to drop JSP web shells—even fully patched systems are hit.

Likely tied to CVE-2025-31324 (CVSS 10.0) | Allows unauthenticated file uploads via /metadatauploader.

Details → https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html

🔥 Machines are talking. And they hold the keys.

70% of leaked secrets still work. NHIs outnumber humans 100:1 — no MFA, no alerts, no control.

Most teams don’t know where these secrets are, or who’s using them.

👀 Time to find the risks. Fix them. Before it’s too late.

See how: https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html

🔥 Fake jobs, real danger.

North Korean hackers are posing as crypto firms to lure devs into malware traps.

🔹3 fronts: BlockNovas, Angeloper, SoftGlide
🔹3 Malware: BeaverTail, InvisibleFerret, OtterCookie 🔹3 Target: Your wallet, data & trust.

Read: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html