🛑 Nation-state hackers breached Commvault’s Azure-hosted environment by exploiting a zero-day in Commvault’s own web server — CVE-2025-3928.

👀 Check sign-ins
🚫 Block malicious IPs
📑 Report activity fast

Read now → https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html

🚨 Your tools say you're safe. Attackers know you're not.

They slip past EDR, hide in legit traffic, and lurk for weeks.

That’s why SOC teams are turning to Network Detection & Response (NDR)—the only way to see what endpoint tools miss.

The network doesn’t lie.

Learn more: https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html

🛑 Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted.

Some victims are unknowingly losing their own AdSense earnings.

💣 Features: Remote code execution, reverse proxy skimming, JS-based backdoors.

🔗 Read: https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html

🚨 AI isn’t just writing your code — it’s leaking your secrets.

New GitGuardian data shows AI-assisted repos leak secrets 40% more often than average.

📊 1,200+ repos leaked secrets in 2025 alone.

👉 Don’t trust. Verify. Full report: https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html

🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.

➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu

CISA has added both to the KEV catalog — federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.

📎 Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

🔐 Microsoft goes passwordless by default for all new accounts.

No more passwords at sign-up—just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.

Existing users? You can remove your password now from settings.

Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

🔥 Automate the chaos. Stay ahead of CVEs.

LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:

→ Auto-pulls CISA alerts
→ Enriches with CrowdStrike
→ Sends Slack buttons
→ Creates ServiceNow tickets

No manual tracking. No delays. Just speed.

👀 See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html

🚨 TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.

🇪🇺 Ireland’s DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China’s surveillance risks.

They now have 6 months to stop transfers.

🔗 Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html

📉 Second major GDPR fine after a €345M penalty in 2023.

🚨 U.S. charges Yemeni national with deploying Black Kingdom ransomware on 1,500+ systems—from hospitals to schools—via Microsoft ProxyLogon.

💥 Targets paid in Bitcoin.

🔗 Read more: https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

🔥 Two years inside. Nation-state footprints. Critical infrastructure targeted.

Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.

Read this story ➡️ https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.

🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.

At the same time, npm & PyPI malware is:
| 🪙 Stealing crypto keys
| 📧 Using Gmail to exfiltrate data
| 🔁 Hiding via WebSockets

👀 Over 75,000+ downloads so far.

Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html

🚨 New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.

📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain

🔗 Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html

🚨 You’re not running a security team. You're the security team.

One inbox. One admin panel. A hundred fire drills. Google Workspace helps—but attackers slip through the cracks.

🔍 Identity is the new perimeter.
🔐 MFA, context-aware access, DLP—start there.
🛠️ Then, monitor, review, remediate.

You don’t need perfection. You need visibility and control.

See how it works → https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html

🚨 Zero-click, max impact — and it's already being exploited.

A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.

Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html

Deadline for U.S. agencies: May 23.

🚨 Zero-click. Wormable. Network-spreading.

New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks.

CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.

🔗 Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html

📲 Update all AirPlay-enabled devices now—personal & work.

🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html

🛑 Critical Langflow Flaw Actively Exploited!

CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.

• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide

➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html

🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.

Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.

The Access-Trust Gap is real—and growing.

✅ It’s time to move from blocking to governing access, for humans and machines.

👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html

🚨 UPDATE - Darcula’s secret weapon exposed!

NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.

🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone

Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”

🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

🚨 Plug-and-play ≠ safe.

Default Helm charts are silently exposing your Kubernetes clusters to attackers.

Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.

Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html

Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior