🚨 Critical Fortinet 0-Day Exploited in Attacks!

Hackers are hitting FortiVoice systems in the wild—logging creds, wiping crash logs, scanning networks.

CVE-2025-32756 (CVSS 9.6) affects:
—FortiVoice, FortiMail, FortiNDR
—FortiRecorder, FortiCamera

Exploitable without login via crafted HTTP requests.

🔗 Details: https://thehackernews.com/2025/05/fortinet-patches-cve-2025-32756-zero.html

🛑 5 Microsoft zero-days exploited in the wild!

One flaw lets attackers hijack full system control—just by visiting a webpage.

◆ 78 flaws fixed — 11 critical
◆ CVE-2025-30397 to 32709 now in CISA’s KEV list
◆ 10.0 CVSS bug in Azure DevOps Server

🔗 Details here: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html

🛡️ Don’t wait. Patch now.

🚨 URGENT UPDATE: Another SAP flaw under active exploitation!

CVE-2025-42999 (CVSS 9.1) is now confirmed actively exploited — allows attackers to execute commands via insecure deserialization in NetWeaver.

🛠 Patch now: SAP Note 3604119

Read: https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html

👀 UPDATE: Android just got its own Lockdown Mode.

• Tamper-proof Intrusion Logging
• Scam alerts during banking calls
• Lock screen OTP protection
• Upgraded app threat detection

🔒 Rolling out on Android 11+ | Full launch this summer.

📲 What’s new & how it protects you: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

🚨 Invoice Email? Think Twice.

A stealthy phishing campaign is hitting Windows users in Latin America—disguised as financial docs, but dropping Horabot malware instead.

👀 Hijacks inboxes
📩 Spreads via Outlook
💰 Targets banking data

🔗 Full details here → https://thehackernews.com/2025/05/horabot-malware-targets-6-latin.html

🚨 Drone supply chains under attack!

Earth Ammit, a likely China-linked group, ran two stealthy ops—VENOM & TIDRONE—to breach drone and defense industries in Taiwan & South Korea.

They’re not hitting targets directly. They’re hijacking the software vendors you trust.

🔗 Read: https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html

🔥 Cyber attacks are up. Skills still lag.

Verizon’s 2025 DBIR reports an 18% jump in breaches, with vuln exploitation up 34% YoY. Yet most orgs rely too much on tools.

Want real defense? Train every team to think like an attacker.

From new analysts to execs—offensive training builds sharper instincts, faster response, and better strategy.

🔗 Learn how: https://thehackernews.com/2025/05/learning-how-to-hack-why-offensive.html

SANS Offensive Ops East → Jun 8–14 | San Antonio → Aug 4–9

⚡ Free AI Security Assessment from Vanta

Whether your company is using, building with, or developing AI, Vanta’s AI Security Assessment outlines the most critical and common considerations across any AI program—from governance to risk, to data privacy, incident management, and more.

Download it for free here: https://thn.news/ai-security-assessment-template

🚨 14,000+ fake URLs.

A massive phishing campaign—Meta Mirage—is hijacking Meta Business Suite users with scarily real fake alerts.

◆︎ 78% of malicious links went unblocked by browsers.
◆︎ Hosted on trusted platforms like GitHub & Firebase.
◆︎ Looks legit. Hits hard. You won’t see it coming.

🔐 CTM360 just dropped the full intel: https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html

🚨 $8.4B in shadow deals—run from Telegram.

A Chinese-language black market called Xinbi Guarantee quietly moved billions in crypto since 2022.

What’s inside? Think: stolen data, fake IDs, laundering services—and more.

👀 The full story is darker than you think: https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html

🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324).

They’re not alone. Nation-state hackers are in the mix too.

One exploit. Full system access.

🔗 Read the full breakdown: https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

🛑 Actively Exploited Samsung Flaw Hits Critical Alert!

PoC dropped. Exploits followed fast.

A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware.

Read → https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html

🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild.

CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps.

It affects Chrome < 136.0.7103.113 — and likely other Chromium-based browsers.

🔗 Details: https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html

🚨 One email. One click. Full inbox compromise.

APT28 is back with Operation RoundPress, exploiting zero-days in MDaemon, Roundcube, Zimbra & Horde to steal emails from govs, defense orgs & academics across Ukraine, Bulgaria, Greece & more.

🔗 Read: https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html

🚨 2,000+ devs downloaded this npm package... and it was hiding malware

A seemingly harmless utility used Google Calendar as a stealth command link.

—Unicode tricks
—Multi-stage payloads
—Real downloads
—The kicker? It’s still live

Read here: https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html

🔥 Cybercriminals are now using Microsoft’s own Quick Assist tool to deploy ransomware like Black Basta. And with Ransomware-as-a-Service, anyone can launch an attack.

No BCDR? You’re gambling your business.

Learn 5 must-have recovery moves now → https://thehackernews.com/2025/05/top-5-bcdr-capabilities-for-ransomware-defense.html

👀 Your last pen test passed. So why was there still a breach?

Compliance checks a box. Attackers exploit what happens next. Verizon’s 2025 report shows a 34% spike in exploited vulnerabilities — most after audits.

🔁 It’s time to move beyond point-in-time testing.
Only continuous pen testing + EASM reveals what attackers find first.

👉 See what your strategy might be missing: https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html

🕷️ NEW WEBINAR: Learn about Scattered Spider’s evolving TTPs and how to defend your organization 🕷️

Join Push Security to learn about Scattered Spider’s current and future TTPs and how to stop breaches beginning with account takeover.

Register here 👉 https://thn.news/scattered-spider-2025

🚨 Coinbase insider breach exposed. Hackers bribed support agents to steal user data—then tried to extort $20M.

🧠 No crypto lost, but names, emails, and IDs were leaked.
🛡️ Coinbase is reimbursing victims + offering a $20M reward.

🔗 Full story → https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html

👀 Meta vs. Europe—Round 2

Starting May 27, Meta plans to train its AI using Facebook & Instagram user data across the E.U.—without asking for consent.

Privacy watchdog noyb says it’s illegal. A class action may be coming.

Full story: https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html

🚫 Your firewall isn't broken—it's just outdated.

AI-powered attacks are faster than ever. Still exposing your network with public IPs? You're playing defense with a blindfold.

Zscaler's Zero Trust model flips the script—no public IPs, no easy targets. It's not magic. It's strategy.

👀 The most secure network is the one they can't see.

🔎 Discover how it works → https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html