👀 Meta vs. Europe—Round 2

Starting May 27, Meta plans to train its AI using Facebook & Instagram user data across the E.U.—without asking for consent.

Privacy watchdog noyb says it’s illegal. A class action may be coming.

Full story: https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html

🚫 Your firewall isn't broken—it's just outdated.

AI-powered attacks are faster than ever. Still exposing your network with public IPs? You're playing defense with a blindfold.

Zscaler's Zero Trust model flips the script—no public IPs, no easy targets. It's not magic. It's strategy.

👀 The most secure network is the one they can't see.

🔎 Discover how it works → https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html

💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips.

🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and hosts—at rates up to 17KB/sec.

Read details → https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html

Patches are out. But is this just another Band-Aid?

🚨 A new Windows-based botnet—HTTPBot—is quietly choking login and payment systems across China’s gaming and tech sectors.

🔥 Over 200 targeted attacks since April 2025
🧠 Mimics real users with Chrome, cookies & HTTP/2

Learn more about this: https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html

🔒 What if your most sensitive data is already exposed—and no one knows yet?

AI-powered DLP, zero trust, browser isolation, and cloud posture control are reshaping data defense.

Learn 10 must-do strategies now → https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html

🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable.

Attackers can read/write sensitive data or trigger remote code execution.

Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1
🔗 Patch now. Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html

“We never drop tools on machines.”

84% of major cyberattacks now use built-in system tools like PowerShell & netsh.exe — not malware.

👀 Bitdefender analyzed 700,000 incidents: attackers are hiding in plain sight using legit admin utilities.

Living Off the Land isn’t just stealth—it’s standard.

→ See how PHASR flips the script: smart blocking, zero disruption.

🔗 Read: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

⚡ Weekly Recap: Zero-days are just the tip. This week’s threat activity points to a deeper shift in how attackers operate.

Read now, recalibrate faster → https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits-insider.html

🚨 New favorite toy of ransomware gangs? A stealthy malware called Skitnet—now seen in live attacks.

First sold on dark forums in 2024, it's now powering phishing campaigns from groups like Black Basta in 2025.

→ Reverse shell via DNS
→ Evades AV using GetProcAddress
→ Deploys legit tools like AnyDesk
→ Modular, stealthy, persistent

Learn how it works: https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html

🔥 CTEM is the new must-have for cybersecurity leaders.

Forget yearly audits. This is about always-on risk testing — and it’s working.

CTEM uses attack simulations, real-time testing & exposure tracking to stay ahead.

Why are top CISOs making the switch?

👉 Learn how it works: https://thehackernews.com/2025/05/why-ctem-is-winning-bet-for-cisos-in.html

🛑 WARNING: Popular VMware tool RVTools was hacked to spread Bumblebee malware via its official site.

The site is now offline — but ⚠️ do not download from unofficial sources either.

Meanwhile, Procolored printer software was found carrying a Delphi backdoor and a $974K crypto clipper named SnipVex, which infects .exe files to hijack Bitcoin transactions.

🔎 Full details here: https://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html

👀 Devs, you're being hunted.

3 Python packages quietly turned stolen emails into verified TikTok & Instagram targets. Another posed as a dev tool—actually a stealth backdoor.

🔗 Full story → https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html

🚨 RedisRaider is here—and it's hunting Linux servers.

A new cryptojacking campaign is weaponizing Redis config commands to silently hijack Linux systems and mine Monero.

🔗 Learn more: https://thehackernews.com/2025/05/go-based-malware-deploys-xmrig-miner-on.html

🚨 New Chinese APT uncovered!

ESET reveals MarsSnake, a stealth backdoor used in a multi-year campaign targeting a Saudi org via fake flight emails.

The threat actor? UnsolicitedBooker—and it’s not working alone.

👀 More tactics, ties, and twists → https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html

💀 Most breaches begin with identity.

Issue isn’t firewall—it's login. You invest in EDR, NDR, ITDR, but attackers use valid credentials.

🔥 ITP stops attacks pre-access.

👉 Learn more: https://thehackernews.com/expert-insights/2025/05/breach-fatalism-is-over-why-identity.html

💥 75 security tools, 2,000+ alerts/week — Still breached.

This new "2025 State of Pentesting" report reveals what’s really working (and what’s not) in modern security testing.

🔗 Get the key insights: https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html

🚨 One default IAM role can expose your entire AWS account.

Experts found overly permissive roles in AWS services like SageMaker & Glue—granting attackers wide access, including full S3 control.

It’s not just misconfig—it's a silent backdoor.

Details: https://thehackernews.com/2025/05/aws-default-iam-roles-found-to-enable.html

⚠️ Old flaws—new threat!

A new SideWinder campaign hit gov’t agencies in 🇱🇰 Sri Lanka, 🇧🇩 Bangladesh & 🇵🇰 Pakistan using geofenced malware and old MS Office flaws.

🔗 Details just dropped: https://thehackernews.com/2025/05/south-asian-ministries-hit-by.html

🚨 Over 100 malicious Chrome extensions slipped through Google’s radar since Feb 2024.

They looked legit—VPNs, AI tools, banking apps—but secretly stole data, hijacked sessions, and redirected traffic.

👀 Even bad reviews were filtered.

🔗 Read: https://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html

⚠️ Trusted domains. Abandoned cloud assets. Hijacked by a ghost.

A threat actor called Hazy Hawk is hijacking unused domains from big names like CDC & PwC—turning trusted URLs into malware traps via DNS misconfig.

See how it works ➝ https://thehackernews.com/2025/05/hazy-hawk-exploits-dns-records-to.html

🔥 Google Chrome just got SMARTER!!!

It now auto-changes compromised passwords—in one click.

🔐 Detects hacked passwords
🤖 Auto-generates a strong password
⚡ Instantly updates them

See it in action: https://thehackernews.com/2025/05/google-chrome-can-now-auto-change.html