🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html

🛑 Critical Langflow Flaw Actively Exploited!

CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.

• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide

➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html

🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.

Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.

The Access-Trust Gap is real—and growing.

✅ It’s time to move from blocking to governing access, for humans and machines.

👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html

🚨 UPDATE - Darcula’s secret weapon exposed!

NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.

🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone

Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”

🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

🚨 Plug-and-play ≠ safe.

Default Helm charts are silently exposing your Kubernetes clusters to attackers.

Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.

Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html

Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior

🚨 600 million attacks hit Microsoft Entra ID—every single day.

It’s the heart of your access and identity. If it goes down, everything stops:

❌ No logins
❌ No compliance
❌ No recovery

Built-in tools won’t save you.

You need full backup and fast recovery. Because when identity breaks, so does your business.

Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html

🔥 Not your typical breach…

Verizon’s 2025 DBIR shows:
➡️ Third-party breaches doubled (15% → 30%)
➡️ Attackers now target machine accounts more than ever

👀 Identity sprawl = rising risk.

Human or machine — if it’s not governed, it’s vulnerable.

🔗 Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html

🚨 Cybercrime meets Hollywood glitz — and it's all fake.

Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.

Victims? Lured in, validated, then drained.

Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.

Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html

🔥 Old IoT devices are now botnet soldiers.

Hackers are hijacking end-of-life GeoVision gear & Samsung MagicINFO servers to spread Mirai malware, launching DDoS attacks via unpatched flaws (CVSS 9.8, 8.8).

Exploits live. PoC dropped. Attacks rising.

If you’re running outdated firmware—you’re already a target.

Read this report: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

⚖️ A U.S. jury just hit NSO Group with $168M in damages for using Pegasus spyware to hack WhatsApp users in 51 countries—including 456 in Mexico, 100 in India, and dozens more in Bahrain, Morocco & Pakistan.

Meta proved NSO used a zero-day in WhatsApp calls (CVE-2019-3568) to silently hack phones—no tap needed.

🔗 Details: https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html

🧪 Looks like a harmless Discord dev tool…

But behind the scenes? Full remote access.

📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.

And it’s not the only one.

👀 What else is hiding in your software stack?

Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html

🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.

🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

🚨 Your SSE stack sees the network—but not the browser.

🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.

That’s the last mile—and it’s unprotected.

A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.

👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html

🚨 No login. Full access. One POST request.

A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.

Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

Admins, don’t wait—patch now.

Don’t let attackers turn your own tools against you. 🚨

Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.

Learn more: https://thn.news/gravityzone-phasr

🚨 100K+ WordPress sites at risk!

A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.

Two bugs. One exploit chain. Admin access in minutes.

Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html

💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.

🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.

These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.

🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html

🚨 Update: The latest version of Samsung MagicINFO 9 Server is being actively exploited—despite a patch issued in Aug 2024.

🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.

🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

🛑 New Cisco flaw scores a perfect 10.0 CVSS.

A hardcoded token. Root access. No login needed.

If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.

👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html

🛠️ Microsoft hit 1,360 new vulnerabilities in 2024 — a record high. But here’s the twist—critical flaws are at a decade low.

So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.

💥 The real threat isn’t always the loudest one.

Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html