🚨 CI/CD pipelines move fast—but security often lags behind.

Misconfigs, weak containers, and unchecked code can open real attack paths.

Wazuh spots what others miss—and stops it cold.

🔍 See the risks + how to fix them → https://thehackernews.com/2025/05/securing-cicd-workflows-with-wazuh.html

🚨 From Inbox to Full Compromise:

Hackers are hitting Russian businesses with phishing emails disguised as docs, delivering PureRAT malware for full-system access, password theft & crypto hijacking.

🎯 Attacks have quadrupled in early 2025.

🔗 Details: https://thehackernews.com/2025/05/purerat-malware-spikes-4x-in-2025.html

⚠️ Russia’s cyber war isn’t just on the battlefield—it’s hitting inboxes across the West.

APT28 (Fancy Bear) is targeting logistics, defense & IT firms in 14 countries to track aid to Ukraine.

Outlook, Roundcube, VPNs—even border cameras compromised.

🔗 Learn more: https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html

🔥 Biggest Info-Stealer Takedown of 2025!

🚨 2,300+ domains seized | 10M+ infections cut off.

Lumma Stealer—the world’s top info-stealer—just got dismantled by a global strike led by Microsoft, FBI, and Europol.

🔗 Read this story → https://thehackernews.com/2025/05/fbi-and-europol-disrupt-lumma-stealer.html

Most companies think their identity security is under control—It’s not.

🚨 <4% have fully automated ID workflows
🔑 89% depend on users to manually enable MFA
📉 52% faced breaches from manual ID tasks

Read latest 2025 report → https://thehackernews.com/2025/05/identity-security-has-automation.html

🚨 3 Critical Flaws. 1 Exploit Chain. No Fix.

Versa Concerto's SD-WAN platform has 3 severe CVEs—one rated 10.0—that can let attackers bypass auth, escalate privileges & gain full system control via reverse shell.

🔗 Read this story → https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html

🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors.

Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-ivanti-epmm.html

⚡ Webinar ALERT!

Cybersecurity isn't enough—you must prove it.

Courts, regulators, and insurers demand "reasonable" programs, and vague efforts won't suffice. Learn what this means and how to comply.

📅 Register for this free session now → https://thehackernews.com/2025/05/webinar-learn-how-to-build-reasonable.html

🛑 WARNING — Any user to Domain Admin?

Akamai researchers demoed BadSuccessor, an attack abusing the new dMSA feature—enabled by default—to escalate privileges in Active Directory.

✅ Works in 91% of orgs.
❌ No patch yet

Details here → https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html

⚠️ A Chinese-speaking threat actor quietly breached U.S. local gov systems via a critical flaw in Cityworks.

They didn’t just break in—they stayed—deploying Cobalt Strike & VShell via Rust-based TetraLoader.

Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-trimble.html

💥 Hidden code. Stolen secrets. Weaponized AI.

GitLab’s AI assistant Duo was vulnerable to indirect prompt injection—letting attackers quietly steal source code, embed malicious links, and exfiltrate zero-days.

Learn more: https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html

🚨 New CISA Alert: Hackers exploited CVE-2025-3928 in Commvault’s Metallic SaaS, compromising M365 credentials.

This isn’t an isolated case—it’s part of a broader campaign targeting SaaS apps with default configs and excessive permissions.

🔍 Details: https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html

🔥 The DoJ has dismantled DanaBot—a Russian-controlled malware that infected 300K+ devices and caused $50M+ in global losses.

16 charged. Servers seized.

Some hackers unmasked after accidentally infecting themselves.

Read more: https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html

🔥 Europol just dropped the hammer: 300 servers taken down, €3.5M in crypto seized, and 20 international arrest warrants issued—key QakBot and TrickBot operatives named.

At the same time, Operation RapTor arrested 270 dark web vendors across 10 countries, seizing €184M in cash and crypto, 2 tons of drugs, and 180 firearms.

🔗 Learn more → https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html

🛡️ 99.45% detection. 0.07% false positives.

SafeLine is now the top open-source WAF on GitHub (16.4K+ ⭐) — built for teams needing full control, zero-day defense, and advanced bot protection.

👉 See why it’s outpacing cloud WAFs → https://thehackernews.com/2025/05/safeline-waf-open-source-web.html

🚨 5,300 routers hijacked—not to attack, but to spy.

A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch.

🔍 Exploiting CVE-2023-20118
👻 Dropping a script called NetGhost

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

Hackers are turning TikTok into a malware delivery tool.

From ClickFix to fake Spotify "boosts"—hackers are now using AI-generated TikToks to trick users into running malicious commands. One video got 500K views before takedown.

See full report → https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html

🚨 Fake installers, real threat — Malware hidden in trojanized QQ Browser & LetsVPN setups drops Winos 4.0, a stealthy RAT built for memory-only attacks.

Signed with expired certs. Linked to Chinese-speaking targets & APT Silver Fox.

👀 Full scoop → https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html

70% of top sites drop tracking cookies even after users say no.

That’s a lawsuit waiting to happen.

This guide shows CISOs how to catch hidden privacy failures before they cost you millions.

→ Fix it now: https://thehackernews.com/2025/05/cisos-guide-to-web-privacy-validation.html

🚨 Malware is hiding in your dev tools. 70+ npm & VS Code packages were caught stealing data, wiping files, even triggering shutdowns.

Hackers used trusted names to slip through.

Your next install could be a trap.
→ Audit often.
→ Trust less.

🔗Read: https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html

⚡ New this week in cybersecurity RECAP:

– Chrome extensions hijacking sessions
– AI assistants leaking code
– State actors exploiting SaaS
– 20+ critical CVEs

You can't protect what you ignore.

Read the recap now → https://thehackernews.com/2025/05/weekly-recap-apt-campaigns-browser.html