h⚡ A China-linked group is actively exploiting a critical CVE-2025-31324 flaw (CVSS 10.0) in SAP NetWeaver, targeting industries from energy to government.

They’re using advanced post-ex tools, fake Cloudflare certs, and hosting malware on Chinese cloud IPs.

Patch fast. Read → https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

🔐 AI fights scams like never before!

Google just armed Chrome & Android with on-device Gemini Nano AI to block never-before-seen frauds—live, in real-time.

👀 20x more scam pages now detected
📉 80%+ drop in fake airline support
🚨 Android to warn of shady notifications

👉 Read how it works: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

The CVE system is breaking—and attackers are betting on the chaos.

290K+ CVEs. 24K+ still waiting for review. 1 tiny gap = 1 big breach.

We need to stop “managing vulnerabilities” and start mitigating threats.

📘 Security Navigator 2025 has the blueprint: https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html

🚨 AI devs, you're the target.

Malicious npm packages disguised as “cheap Cursor AI tools” are stealing credentials, rewriting code, and disabling updates — on macOS.

3,200+ installs — still live.

Find out how it works: https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

🔥 AI agents are powerful—but risky. Learn how to secure them before it’s too late.

Join our free webinar with an Auth0 expert.

🛡️ Save your seat → https://thehackernews.com/2025/05/deploying-ai-agents-learn-to-secure.html

🚨 Hackers are exploiting free software trials to hijack executive systems in Brazil.

Using fake invoices and Dropbox links, they’re slipping past defenses—and it’s working.

The twist? They’re not using malware. They’re using legit IT tools.

Learn more → https://thehackernews.com/2025/05/initial-access-brokers-target-brazil.html

🛑 Hacker Caught Mid-Interview—Live on Zoom!

North Korean attackers are posing as job applicants using fake resumes, AI tools, and stealth malware to breach companies. Some have slipped through.

OtterCookie v4 reveals just how deep the campaign goes—stealing credentials, crypto wallets, even iCloud Keychain data.

🔗 See the full story → https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html

🔥 BREAKING: $46M cybercrime empire busted.

FBI & Dutch forces take down a botnet run on hacked home routers—active since 2004.

Used by criminals to stay anonymous.

You might be part of it... and not even know.

🔗 Read what they uncovered: https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html

🚨 $1.9 BILLION Crypto Swap Site Seized!

Germany’s BKA has shut down eXch[.]cx, a crypto exchange used by North Korean hackers & darknet actors.

🔍 €34M in crypto seized
📁 8 TB of data confiscated
🌐 Ran on clearnet + dark web

Read full story ➝ https://thehackernews.com/2025/05/germany-shuts-down-exch-over-19b.html

👀 They tracked your face, your steps—even your searches in "Incognito."

Now, Google will pay Texas $1.375 BILLION to settle one of the largest privacy lawsuits in U.S. history.

And nearly equal to Meta’s record fine.

🔗 See the full story → https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html

🚨 AI Tools or Trojan Horses?

Cybercriminals are hijacking the AI hype—luring users with fake video-editing platforms to drop stealthy malware.

👀 One viral Facebook post hit 62,000+ views
💥 Looks like “CapCut AI.” Acts like a stealer.
🎭 And the dev? Proudly calls himself a Malware Developer from Vietnam.

🔗 Read details here: https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html

🔓 Thousands of leaked secrets are still valid—years later.

GitGuardian’s 2025 report reveals a growing crisis: exposed cloud & DB credentials in public repos aren’t being revoked. Not even after discovery.

The problem? Detection ≠ protection.
Why are orgs ignoring this risk? What’s keeping secrets live in production?

👀 The answers are alarming. Read the full report: https://thehackernews.com/2025/05/the-persistence-problem-why-exposed.html

💣 No phishing. No pop-ups. Just silent backdoors inside tools you already trust.

IoT botnets, spyware rulings, and supply chain threats made headlines this week.

⚡ Read the recap CISOs are watching: https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits.html

🚨 One Click. Full Control.

Two critical flaws (CVE-2025-3462 & CVE-2025-3463) in ASUS DriverHub exposed users to remote code execution—just by clicking a malicious link.

Patch released on May 9—but have you updated yet?

🔗 Read the full details → https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html

🔥 Zero Trust is the hottest buzzword in security—
But most teams are still getting it wrong.

Why?
Because you can’t protect what you can’t see.
And you can’t manage what your tools can’t reach.

🎤 Join John Kindervag (yes, the creator of Zero Trust) for a live session on what’s actually working—and where most teams fall short.

✅ Where to start—without ripping your stack
⚠️ Common pitfalls
🚫 Secure what your identity tools miss

📅 May 22 | 10 AM PT
🔗 Register here: https://thn.news/zero-trust-practice

🚨 A zero-day exploit, a chat app, and a silent cyberwar.

A Türkiye-linked hacker group Marbled Dust exploited CVE-2025-27920 in India's Output Messenger—targeting Kurdish military users in Iraq via a stealthy backdoor.

Read details ➡️ https://thehackernews.com/2025/05/turkiye-hackers-exploited-output.html

👀 Busted.

A 45-year-old man has been arrested in Moldova for a €4.5M DoppelPaymer ransomware attack on Dutch institutions—including the Netherlands' top science agency (NWO) in 2021.

Read the full story ➝ https://thehackernews.com/2025/05/moldovan-police-arrest-suspect-in-45m.html

🛑 One breach at Tier 0… and it’s game over.

Active Directory runs in 90% of Fortune 1000. That’s why it’s the #1 target.

Microsoft's fix:
🔐 Tier 0 = Control Plane (AD, domain controllers, identity tools)
✅ Just-in-Time access
🚫 No standing admin privileges
🧱 Isolate it from lower tiers

One breach here = full network compromise.

🔗 Learn how to secure it right: https://thehackernews.com/expert-insights/2025/05/securing-tier-0-history-of-escalating.html

🚨 The person you're speaking to on Zoom might be AI.

Voice phishing surged 442% in 2024. Deepfakes now impersonate CEOs, job candidates—even your coworkers.

🔐 Detection isn’t enough. Trust must be proven—cryptographically.

👀 See how (demo) → https://thehackernews.com/2025/05/deepfake-defense-in-age-of-ai.html

🚨 North Korea’s Konni APT is targeting Ukraine.

Phishing, fake think tanks, malware-laced files—this isn’t your usual intel op.

The goal? Not battlefield data—but something far more strategic.

🔗 Full story → https://thehackernews.com/2025/05/north-korean-konni-apt-targets-ukraine.html

🚨 Crypto devs, beware!

A fake solana-token package on PyPI was caught stealing source code and secrets from developer machines — disguised as a legit blockchain tool.

— 761 installs before takedown
— Audit every dependency

Read: https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html