Proton Mail faces nationwide ban in India 🇮🇳
Karnataka High Court has ordered the gov't to block the encrypted email provider after a legal complaint tied to AI deepfakes and obscene messages sent via the platform.
Still accessible - for now.
Read: https://thehackernews.com/2025/04/indian-court-orders-action-to-block.html
Meta just dropped a firewall for AI.
LlamaFirewall is open-source - and built to stop jailbreaks, prompt injections, and insecure code in real time.
It's modular. It's fast. It's made for the LLM era.
Also out:
• CyberSecEval 4 with AutoPatchBench to test AI-powered vuln fixes
• Llama for Defenders to help fight scams, fraud & phishing
• Private Processing to run AI features without leaking user data
Full details here: https://thehackernews.com/2025/04/meta-launches-llamafirewall-framework.html
RansomHub's empire just vanished.
After stealing data from 200+ victims, its dark web site mysteriously went offline on April 1, 2025 - triggering panic among affiliates.
Qilin's leaks doubled. DragonForce claims a takeover.
Read More: https://thehackernews.com/2025/04/ransomhub-went-dark-april-1-affiliates.html
China-linked APT "TheWizards" caught hijacking trusted Chinese apps to deploy malware updates.
Uses IPv6/DNS to turn Sogou Pinyin & Tencent QQ into WizardNet backdoor delivery for users in 🇨🇳🇭🇰🇰🇭🇵🇭🇦🇪.
Their tool Spellbinder quietly captures traffic, reroutes updates to attacker servers.
Full story: https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html
"All my shows were in Spanish. I didn't change anything."
That's not a glitch - it's an account takeover.
100K+ accounts/mo exposed on major platforms.
Streaming, gaming, SaaS vulnerable.
MFA fails vs. stolen session cookies.
Act now: Monitor infostealers. Reset risk. Rebuild trust.
Read full story + Flare's ATO report: https://thehackernews.com/2025/04/customer-account-takeovers-multi.html
New Espionage Alert!
A Russian-speaking APT group, Nebulous Mantis, is deploying the stealthy RomCom RAT to target NATO-linked entities, gov agencies, and critical infra - using bulletproof hosting, IPFS, and over 40 remote commands.
See how it works, who's behind it, and why it matters now: https://thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
It's back! XPOSURE 2025 returns for its fourth year, focused on what matters most: reducing cyber risk exposure.
Join Pentera and top cybersecurity leaders at the National Exposure Management vSummit to discover how leading security teams are taking a proactive approach to managing enterprise-wide exposure.
Bonus: The first 150 registrants will receive an Uber Eats voucher upon registration!
June 18 | 11 AM ET | Virtual
Register now: https://thn.news/xposure2025-pentera
#XPOSURE2025 #ExposureManagement #CyberSecurityLeadership #EnterpriseSecurity
AI tools are learning too fast - and so are attackers.
New report reveals how MCP & A2A protocols can be hijacked to leak emails, spoof agents, and silently override tool logic.
• Tool poisoning
• Prompt injection
• Agent impersonation
Even benign tools can flip malicious - no warning, no second prompt.
Learn about this new AI attack surface: https://thehackernews.com/2025/04/experts-uncover-critical-mcp-and-a2a.html
Hackers aren't cracking passwords anymore - they're impersonating you.
From AI deepfakes to social engineering, attackers now exploit weak links before and after login - like during account recovery or onboarding.
Orgs secure login, but not full identity lifecycle. Join free webinar to learn:
• Enforce phishing-resistant MFA
• Secure device trust
• Protect identity from onboarding to recovery
Register now: https://thehackernews.com/2025/04/free-webinar-guide-to-securing-your.html
SonicWall SMA Devices Under Attack!
2 critical flaws (CVEs 2023-44221 & 2024-38475) are being actively exploited in the wild. One allows OS command injection, the other enables session hijacking via Apache rewrite abuse.
SonicWall urges admins:
• Check for unauthorized logins
• Patch immediately
Details: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html
UPDATE: Outlaw Botnet Returns After 3-Month Silence
Kaspersky confirms: Outlaw, a Perl-based crypto-mining botnet, is back - targeting Linux systems in Brazil with brute-force SSH attacks.
New tactics spotted:
• Deploys XMRig miner & IRC-based backdoor
• Kills rival miners & high-CPU processes
• Masquerades as rsync, evades termination
• Allows DDoS, remote control, file exfiltration
Victims detected in 🇺🇸🇧🇷🇩🇪🇮🇹🇹🇭🇸🇬🇹🇼🇨🇦
Full report + latest update (May 1): https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html
The tools are evolving. So is the intent.
A stealthy phishing wave is slamming key Russian industries with DarkWatchman malware. It evades detection and vanishes on command.
Meanwhile, a new backdoor called Sheriff breached a major Ukrainian platform to spy on defense targets - quiet, persistent, and dangerous.
Learn more: https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html
AI meets Influence-as-a-Service with chilling implications.
Anthropic's Claude chatbot was hijacked to run a botnet that:
• Created 100+ fake personas
• Engaged thousands of users
• Spread pro-UAE, anti-EU, and political propaganda in 🇮🇷, 🇪🇺, 🇰🇪
Worse, it aided criminals in writing malware, scraping security cam passwords, and running job scams.
Read: https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html
569,000 alerts. Only 202 matter.
OX Security's 2025 report reveals: 95-98% of AppSec alerts are noise - wasting time, burning budgets, and stalling innovation.
Focus on what's real - KEVs, secrets, exploitable flaws.
Learn How: https://thehackernews.com/2025/05/new-research-reveals-95-of-appsec-fixes.html
Nation-state hackers breached Commvault's Azure-hosted environment by exploiting a zero-day in Commvault's own web server - CVE-2025-3928.
• Check sign-ins
• Block malicious IPs
• Report activity fast
Read now: https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html
Your tools say you're safe. Attackers know you're not.
They slip past EDR, hide in legit traffic, and lurk for weeks.
That's why SOC teams are turning to Network Detection & Response (NDR) - the only way to see what endpoint tools miss.
The network doesn't lie.
Learn more: https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html
Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted.
Some victims are unknowingly losing their own AdSense earnings.
Features: Remote code execution, reverse proxy skimming, JS-based backdoors.
Read: https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html
AI isn't just writing your code - it's leaking your secrets.
New GitGuardian data shows AI-assisted repos leak secrets 40% more often than average.
1,200+ repos leaked secrets in 2025 alone.
Don't trust. Verify. Full report: https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html
UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.
➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu
CISA has added both to the KEV catalog - federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.
Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html
Microsoft goes passwordless by default for all new accounts.
No more passwords at sign-up - just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.
Existing users? You can remove your password now from settings.
Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html
Automate the chaos. Stay ahead of CVEs.
LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:
• Auto-pulls CISA alerts
• Enriches with CrowdStrike
• Sends Slack buttons
• Creates ServiceNow tickets
No manual tracking. No delays. Just speed.
See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html