UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.
• CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
• CVE-2023-44221: Post-auth command injection via Diagnostics menu
CISA has added both to the KEV catalog - federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.
Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html
Microsoft goes passwordless by default for all new accounts.
No more passwords at sign-up - just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.
Existing users? You can remove your password now from settings.
Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html
Automate the chaos. Stay ahead of CVEs.
LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:
• Auto-pulls CISA alerts
• Enriches with CrowdStrike
• Sends Slack buttons
• Creates ServiceNow tickets
No manual tracking. No delays. Just speed.
See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html
TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.
🇪🇺 Ireland's DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China's surveillance risks.
They now have 6 months to stop transfers.
Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html
Second major GDPR fine after a €345M penalty in 2023.
U.S. charges Yemeni national with deploying Black Kingdom ransomware on 1,500+ systems - from hospitals to schools - via Microsoft ProxyLogon.
Targets paid in Bitcoin.
Read more: https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html
Two years inside. Nation-state footprints. Critical infrastructure targeted.
Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23-Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.
Read this story → https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html
Malicious Go modules are nuking Linux systems - wiping entire disks beyond recovery using hidden payloads.
3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda - killing the OS.
At the same time, npm & PyPI malware is:
• Stealing crypto keys
• Using Gmail to exfiltrate data
• Hiding via WebSockets
Over 75,000+ downloads so far.
Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.
Spread via EXE, MSI, LNK, OCX
Sends data to Telegram + shady domain
Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html
You're not running a security team. You're the security team.
One inbox. One admin panel. A hundred fire drills. Google Workspace helps - but attackers slip through the cracks.
Identity is the new perimeter.
MFA, context-aware access, DLP - start there.
Then, monitor, review, remediate.
You don't need perfection. You need visibility and control.
See how it works → https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html
Zero-click, max impact - and it's already being exploited.
A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution - no login needed.
Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html
Deadline for U.S. agencies: May 23.
Zero-click. Wormable. Network-spreading.
New flaws in Apple's AirPlay protocol (AirBorne) could let hackers hijack your device without a click - then ride your Wi-Fi into corporate networks.
CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.
Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
Update all AirPlay-enabled devices now - personal & work.
New Edition Just Dropped!
Cybersecurity Weekly Recap | May 5 - From nation-state hacks to deepfake-ready malware, this week's intel is packed:
• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs
Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html
Critical Langflow Flaw Actively Exploited!
CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.
• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide
Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html
Exploited in the wild. No user click needed.
Google patches 46 Android flaws, including CVE-2025-27363 - a critical System bug tied to the FreeType font engine.
Discovered by Meta in March, it's now confirmed active.
Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html
AI agents are the new insider threat - fast, autonomous, and already slipping past security.
Meanwhile, users just want to work - on personal devices, with unsanctioned apps, and now AI tools.
The Access-Trust Gap is real - and growing.
It's time to move from blocking to governing access, for humans and machines.
Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html
UPDATE - Darcula's secret weapon exposed!
NRK & Mnemonic uncover Magic Cat - a phishing toolkit behind 884K+ stolen cards in 7 months.
• 13M+ clicked links
• 600+ scammers
• Real-time data & PIN capture
• 19K+ victims in Norway alone
Dev behind it? A 24-year-old from China.
The company? Claims it's just "a website builder."
Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
Plug-and-play ≠ safe.
Default Helm charts are silently exposing your Kubernetes clusters to attackers.
Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.
Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html
Act now:
• Audit Helm charts & YAMLs
• Lock down network exposure
• Monitor container behavior
600 million attacks hit Microsoft Entra ID - every single day.
It's the heart of your access and identity. If it goes down, everything stops:
• No logins
• No compliance
• No recovery
Built-in tools won't save you.
You need full backup and fast recovery. Because when identity breaks, so does your business.
Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html
Not your typical breach…
Verizon's 2025 DBIR shows:
• Third-party breaches doubled (15% → 30%)
• Attackers now target machine accounts more than ever
Identity sprawl = rising risk.
Human or machine - if it's not governed, it's vulnerable.
Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html
Cybercrime meets Hollywood glitz - and it's all fake.
Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.
Victims? Lured in, validated, then drained.
Meanwhile, Facebook ad slots are being flooded with "mystery box" clearance scams for $2 Apple products - but the only surprise is recurring charges and stolen data.
Read. Verify. Warn others. | Full story → https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html
Old IoT devices are now botnet soldiers.
Hackers are hijacking end-of-life GeoVision gear & Samsung MagicINFO servers to spread Mirai malware, launching DDoS attacks via unpatched flaws (CVSS 9.8, 8.8).
Exploits live. PoC dropped. Attacks rising.
If you're running outdated firmware - you're already a target.
Read this report: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html