⚡ Lazarus Group strikes South Korea—again.

6 major industries breached via watering hole attacks + zero-days in Cross EX & Innorix Agent.
Malware used: ThreatNeedle & more.

👀 Supply chains are the target.

Learn more 👉 https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html

The ActiveState team is heading to RSA 2025, and we’re kicking things off with a Zero-Vulnerability Happy Hour! 🍻

📅 When: Tuesday, April 29th @ 6:00 PM
📍 Where: Local Tap SF

Join us for great drinks, meaningful conversations, and networking with DevSecOps leaders. Let’s talk open source security, vulnerability management, and the future of secure software supply chains.

Spaces are limited—secure your spot today! 👉 https://thn.news/zero-vulnerability-rsa-happy-hour

#RSAC2025 #DevSecOps #OpenSource #CyberSecurity #ZeroVulnerability

🚨 New Ivanti ICS Attacks Detected!

DslogdRAT malware used in real-world attacks after hackers exploited CVE-2025-0282 (zero-day).

First hit Japan 🇯🇵 in Dec 2024 — now global scanning surges 9X in 24 hrs.

🔹 270+ IPs scanning Ivanti
🔹 255 confirmed malicious
🔹 Top targets: US, Germany, Netherlands

Details: https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html

👀 Hackers could be one path away from your sensitive files!

🚨 New CVEs expose major flaws in Rack & Infodraw systems:

🔹 CVE-2025-27610 lets attackers read config files & credentials via path traversal.

🔹 Infodraw CVE-2025-43928 allows any file to be read or deleted—no login needed.

Learn more: https://thehackernews.com/2025/04/researchers-identify-rackstatic.html

🔥 Exploits are trivial & patches missing. Systems in Belgium & Luxembourg already hit. Update now or go offline!

🛑 Critical SAP Exploit Alert!

Hackers are abusing a flaw in SAP NetWeaver to drop JSP web shells—even fully patched systems are hit.

Likely tied to CVE-2025-31324 (CVSS 10.0) | Allows unauthenticated file uploads via /metadatauploader.

Details → https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html

🔥 Machines are talking. And they hold the keys.

70% of leaked secrets still work. NHIs outnumber humans 100:1 — no MFA, no alerts, no control.

Most teams don’t know where these secrets are, or who’s using them.

👀 Time to find the risks. Fix them. Before it’s too late.

See how: https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html

🔥 Fake jobs, real danger.

North Korean hackers are posing as crypto firms to lure devs into malware traps.

🔹3 fronts: BlockNovas, Angeloper, SoftGlide
🔹3 Malware: BeaverTail, InvisibleFerret, OtterCookie 🔹3 Target: Your wallet, data & trust.

Read: https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html

A stealthy hacker-for-hire ToyMaker is selling access to top targets — leading straight to CACTUS ransomware attacks.

💰 They scan, hack, and hand over.
🛠️ Malware: LAGTOY

These brokers are speeding up ransomware ops. No espionage, just cash.

Learn more: https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html

👀 Hackers are mining crypto in the cloud—on your dime.

Microsoft uncovered Storm-1977 targeting education sector cloud accounts via password spraying.

They used AzureChecker.exe, hijacked guest accounts, spun up 200+ containers, and ran illicit crypto mining.

⚠️ Time to lock it down.

👉 Learn more: https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html

🚨 13,000+ sites at risk.

Hackers are actively exploiting 2 zero-days in Craft CMS, hitting servers via image tools. One flaw scores 10.0 CVSS—worst possible. Nearly 300 sites likely breached already.

Watch for POST hits to "/actions/assets/generate-transform"

🔗 Details: https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html

👀 Patch now. Rotate keys. Check logs.

⚠️ Think you're installing a security patch? Think again.

Hackers are luring WordPress site owners with fake WooCommerce alerts urging a “critical patch” download — but it’s a trap. The download creates a hidden admin account, installs web shells, and gives attackers full control.

Full story —https://thehackernews.com/2025/04/woocommerce-users-targeted-by-fake.html

👀 New APT Earth Kurma is spying on Southeast Asia’s top sectors—hidden in plain sight.

Since June 2024, 🇵🇭 🇻🇳 🇹🇭 🇲🇾 govts & telcos face custom malware, rootkits, & data theft via Dropbox/OneDrive.

Hackers use legit tools (LotL), making detection hard.

🔗 Learn more: https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html

💻 Your weakest link could cost you everything!

Hackers don’t need big bugs—small oversights cause massive breaches.

Intruder found:
🔸A 302 redirect = AWS key theft
🔸An exposed .git = DB takeover
🔸Metadata flaw = Remote access

Scan before they strike → https://thehackernews.com/2025/04/how-breaches-start-breaking-down-5-real.html

⚡ What keeps CISOs awake at night this week?

🔸 0-days exploited before patches hit.
🔸 AI turning low-skill attackers into high-impact threats.
🔸 Identity systems being used against us — again.

Security today demands strategic clarity.
Every vulnerability is an opportunity for attackers.
Every delay? A risk.

We have summarized last week’s top threats.

Read — https://thehackernews.com/2025/04/weekly-recap-critical-sap-exploit-ai.html

🚨 CISA Alert: Two critical flaws — in Broadcom Fabric OS (CVE-2025-1976) and Commvault Web Server (CVE-2025-3928) — are now on the Known Exploited Vulnerabilities (KEV) list.

🔹 Both bugs are actively exploited.
🔹 Admin access can lead to full system compromise.
🔹 Patching deadlines: May 17–19, 2025.

👉 Details: https://thehackernews.com/2025/04/cisa-adds-actively-exploited-broadcom.html

🔥 New Cyber Attack Alert!

Senior members of the World Uyghur Congress were targeted by malware hidden in a fake UyghurEdit++ app, Citizen Lab reports (Mar 2025).

— Custom-made spyware
— Links to China
— Started as early as May 2024

Learn more: https://thehackernews.com/2025/04/malware-attack-targets-world-uyghur.html

🔒 Still trusting VPNs to secure remote access?

Recent critical flaws exposed thousands. Every open port and IP address is now a target, not a tool.

Legacy network security can't keep up with AI-driven attacks.

Zero Trust isn’t optional anymore — it’s survival.

Learn why it matters → https://thehackernews.com/expert-insights/2025/04/its-time-to-rethink-your-security-for.html

🔥 75 zero-day exploits hit in 2024 | 44% aimed at enterprise tools.

While browser & mobile attacks fell sharply, threat actors shifted focus — hitting Ivanti, Palo Alto, Cisco & others.

📊 Top targets: Microsoft (26), Google (11), Ivanti (7), Apple (5)
🎯 20 zero-days hit security appliances
🕵️‍♂️ State hackers, spyware firms & cybercrime crews all involved

Read the full story → https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html

⚡ Your AI Copilot could leak your secrets — without you even knowing.

Microsoft 365 Copilot boosts productivity, but opens the door to massive data risks. Reco spots risky prompts, flags hidden attacks, and locks down your SaaS ecosystem.

Learn how: https://thehackernews.com/2025/04/product-walkthrough-securing-microsoft.html

🚨 Cybersecurity firms are under attack!

🇨🇳 China’s PurpleHaze hackers targeted SentinelOne’s systems and high-value customers.

🎭 360+ fake North Korean IT workers tried to infiltrate the company.

🇷🇺 Russian ransomware gangs are buying real security products to beat defenses.

Read 👉https://thehackernews.com/2025/04/sentinelone-uncovers-chinese-espionage.html

🚨 New jailbreaks ("Inception", "Do-Not-Reply"), memory hacks, tool poisoning, unsafe model upgrades — CERT, METR, and others warn:

⚡ ChatGPT, Claude, Copilot, Gemini, Grok, Meta AI can leak code, malware, data.
⚡ GPT-4.1 is 3X riskier than before.
⚡ MCP protocols, Chrome extensions now exploited.

The AI arms race is outpacing safety.

Read: https://thehackernews.com/2025/04/new-reports-uncover-jailbreaks-unsafe.html