🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.
🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.
At the same time, npm & PyPI malware is:
• 🪙 Stealing crypto keys
• 📧 Using Gmail to exfiltrate data
• 🔁 Hiding via WebSockets
👀 Over 75,000+ downloads so far.
Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
🚨 New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.
📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain
🔗 Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html
🚨 You’re not running a security team. You're the security team.
One inbox. One admin panel. A hundred fire drills. Google Workspace helps—but attackers slip through the cracks.
🔍 Identity is the new perimeter.
🔐 MFA, context-aware access, DLP—start there.
🛠️ Then, monitor, review, remediate.
You don’t need perfection. You need visibility and control.
See how it works → https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html
🚨 Zero-click, max impact — and it's already being exploited.
A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.
Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html
Deadline for U.S. agencies: May 23.
🚨 Zero-click. Wormable. Network-spreading.
New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks.
CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.
🔗 Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
📲 Update all AirPlay-enabled devices now—personal & work.
🔥 New Edition Just Dropped!
Cybersecurity Weekly Recap | May 5: From nation-state hacks to deepfake-ready malware, this week’s intel is packed:
• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs
Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html
🛑 Critical Langflow Flaw Actively Exploited!
CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.
• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide
➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html
🚨 Exploited in the wild. No user click needed.
Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.
Discovered by Meta in March, it's now confirmed active.
🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html
🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.
Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.
The Access-Trust Gap is real—and growing.
✅ It’s time to move from blocking to governing access, for humans and machines.
👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html
🚨 UPDATE - Darcula’s secret weapon exposed!
NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.
🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone
Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”
🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html
🚨 Plug-and-play ≠ safe.
Default Helm charts are silently exposing your Kubernetes clusters to attackers.
Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.
Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html
Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior
🚨 600 million attacks hit Microsoft Entra ID—every single day.
It’s the heart of your access and identity. If it goes down, everything stops:
❌ No logins
❌ No compliance
❌ No recovery
Built-in tools won’t save you.
You need full backup and fast recovery. Because when identity breaks, so does your business.
Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html
🔥 Not your typical breach…
Verizon’s 2025 DBIR shows:
➡️ Third-party breaches doubled (15% → 30%)
➡️ Attackers now target machine accounts more than ever
👀 Identity sprawl = rising risk.
Human or machine — if it’s not governed, it’s vulnerable.
🔗 Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html
🚨 Cybercrime meets Hollywood glitz — and it's all fake.
Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.
Victims? Lured in, validated, then drained.
Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.
Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html
🔥 Old IoT devices are now botnet soldiers.
Hackers are hijacking end-of-life GeoVision gear & Samsung MagicINFO servers to spread Mirai malware, launching DDoS attacks via unpatched flaws (CVSS 9.8, 8.8).
Exploits live. PoC dropped. Attacks rising.
If you’re running outdated firmware—you’re already a target.
Read this report: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html
⚖️ A U.S. jury just hit NSO Group with $168M in damages for using Pegasus spyware to hack WhatsApp users in 51 countries—including 456 in Mexico, 100 in India, and dozens more in Bahrain, Morocco & Pakistan.
Meta proved NSO used a zero-day in WhatsApp calls (CVE-2019-3568) to silently hack phones—no tap needed.
🔗 Details: https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html
🧪 Looks like a harmless Discord dev tool…
But behind the scenes? Full remote access.
📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.
And it’s not the only one.
👀 What else is hiding in your software stack?
Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html
🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.
🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
🚨 Your SSE stack sees the network—but not the browser.
🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.
That’s the last mile—and it’s unprotected.
A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.
👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html
🚨 No login. Full access. One POST request.
A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.
Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html
Admins, don’t wait—patch now.
Don’t let attackers turn your own tools against you. 🚨
Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.
Learn more: https://thn.news/gravityzone-phasr