⚠️ Russia’s cyber war isn’t just on the battlefield—it’s hitting inboxes across the West.
APT28 (Fancy Bear) is targeting logistics, defense & IT firms in 14 countries to track aid to Ukraine.
Outlook, Roundcube, VPNs—even border cameras compromised.
🔗 Learn more: https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html
APT28 (Fancy Bear) is targeting logistics, defense & IT firms in 14 countries to track aid to Ukraine.
Outlook, Roundcube, VPNs—even border cameras compromised.
🔗 Learn more: https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html
👍21🔥14😁7🤔6🤯2
🔥 Biggest Info-Stealer Takedown of 2025!
🚨 2,300+ domains seized | 10M+ infections cut off.
Lumma Stealer—the world’s top info-stealer—just got dismantled by a global strike led by Microsoft, FBI, and Europol.
🔗 Read this story → https://thehackernews.com/2025/05/fbi-and-europol-disrupt-lumma-stealer.html
🚨 2,300+ domains seized | 10M+ infections cut off.
Lumma Stealer—the world’s top info-stealer—just got dismantled by a global strike led by Microsoft, FBI, and Europol.
🔗 Read this story → https://thehackernews.com/2025/05/fbi-and-europol-disrupt-lumma-stealer.html
🤯11👏8👍6🔥1
Most companies think their identity security is under control—It’s not.
🚨 <4% have fully automated ID workflows
🔑 89% depend on users to manually enable MFA
📉 52% faced breaches from manual ID tasks
Read latest 2025 report → https://thehackernews.com/2025/05/identity-security-has-automation.html
🚨 <4% have fully automated ID workflows
🔑 89% depend on users to manually enable MFA
📉 52% faced breaches from manual ID tasks
Read latest 2025 report → https://thehackernews.com/2025/05/identity-security-has-automation.html
👍10🔥1👏1😁1
🚨 3 Critical Flaws. 1 Exploit Chain. No Fix.
Versa Concerto's SD-WAN platform has 3 severe CVEs—one rated 10.0—that can let attackers bypass auth, escalate privileges & gain full system control via reverse shell.
🔗 Read this story → https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html
Versa Concerto's SD-WAN platform has 3 severe CVEs—one rated 10.0—that can let attackers bypass auth, escalate privileges & gain full system control via reverse shell.
🔗 Read this story → https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html
🤔6🔥3👏3😁2👍1
🚨 China-linked UNC5221 hackers exploited Ivanti EPMM zero-days (CVE-2025-4427 & 4428) immediately after disclosure, targeting mobile endpoints in defense, healthcare, and finance sectors.
Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-ivanti-epmm.html
Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-ivanti-epmm.html
👍7🔥3👏2
⚡ Webinar ALERT!
Cybersecurity isn't enough—you must prove it.
Courts, regulators, and insurers demand "reasonable" programs, and vague efforts won't suffice. Learn what this means and how to comply.
📅 Register for this free session now → https://thehackernews.com/2025/05/webinar-learn-how-to-build-reasonable.html
Cybersecurity isn't enough—you must prove it.
Courts, regulators, and insurers demand "reasonable" programs, and vague efforts won't suffice. Learn what this means and how to comply.
📅 Register for this free session now → https://thehackernews.com/2025/05/webinar-learn-how-to-build-reasonable.html
🤔6👍1👏1
🛑 WARNING — Any user to Domain Admin?
Akamai researchers demoed BadSuccessor, an attack abusing the new dMSA feature—enabled by default—to escalate privileges in Active Directory.
✅ Works in 91% of orgs.
❌ No patch yet
Details here → https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
Akamai researchers demoed BadSuccessor, an attack abusing the new dMSA feature—enabled by default—to escalate privileges in Active Directory.
✅ Works in 91% of orgs.
❌ No patch yet
Details here → https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
😱12😁2👏1
⚠️ A Chinese-speaking threat actor quietly breached U.S. local gov systems via a critical flaw in Cityworks.
They didn’t just break in—they stayed—deploying Cobalt Strike & VShell via Rust-based TetraLoader.
Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-trimble.html
They didn’t just break in—they stayed—deploying Cobalt Strike & VShell via Rust-based TetraLoader.
Full report → https://thehackernews.com/2025/05/chinese-hackers-exploit-trimble.html
🤯16👏9👍7🔥4😁3🤔2😱1
💥 Hidden code. Stolen secrets. Weaponized AI.
GitLab’s AI assistant Duo was vulnerable to indirect prompt injection—letting attackers quietly steal source code, embed malicious links, and exfiltrate zero-days.
Learn more: https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html
GitLab’s AI assistant Duo was vulnerable to indirect prompt injection—letting attackers quietly steal source code, embed malicious links, and exfiltrate zero-days.
Learn more: https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html
⚡12👍10😁1
🚨 New CISA Alert: Hackers exploited CVE-2025-3928 in Commvault’s Metallic SaaS, compromising M365 credentials.
This isn’t an isolated case—it’s part of a broader campaign targeting SaaS apps with default configs and excessive permissions.
🔍 Details: https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html
This isn’t an isolated case—it’s part of a broader campaign targeting SaaS apps with default configs and excessive permissions.
🔍 Details: https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html
🔥9👍5
🔥 The DoJ has dismantled DanaBot—a Russian-controlled malware that infected 300K+ devices and caused $50M+ in global losses.
16 charged. Servers seized.
Some hackers unmasked after accidentally infecting themselves.
Read more: https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html
16 charged. Servers seized.
Some hackers unmasked after accidentally infecting themselves.
Read more: https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html
😁19🤔6⚡4🔥4👍3
🔥 Europol just dropped the hammer: 300 servers taken down, €3.5M in crypto seized, and 20 international arrest warrants issued—key QakBot and TrickBot operatives named.
At the same time, Operation RapTor arrested 270 dark web vendors across 10 countries, seizing €184M in cash and crypto, 2 tons of drugs, and 180 firearms.
🔗 Learn more → https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html
At the same time, Operation RapTor arrested 270 dark web vendors across 10 countries, seizing €184M in cash and crypto, 2 tons of drugs, and 180 firearms.
🔗 Learn more → https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html
🔥22😱7👍6😁4🤯2
🛡️ 99.45% detection. 0.07% false positives.
SafeLine is now the top open-source WAF on GitHub (16.4K+ ⭐) — built for teams needing full control, zero-day defense, and advanced bot protection.
👉 See why it’s outpacing cloud WAFs → https://thehackernews.com/2025/05/safeline-waf-open-source-web.html
SafeLine is now the top open-source WAF on GitHub (16.4K+ ⭐) — built for teams needing full control, zero-day defense, and advanced bot protection.
👉 See why it’s outpacing cloud WAFs → https://thehackernews.com/2025/05/safeline-waf-open-source-web.html
🤔14👍10🤯4😱4👏1
🚨 5,300 routers hijacked—not to attack, but to spy.
A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch.
🔍 Exploiting CVE-2023-20118
👻 Dropping a script called NetGhost
Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html
A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch.
🔍 Exploiting CVE-2023-20118
👻 Dropping a script called NetGhost
Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html
😱14🔥12👍4🤔3🤯1
Hackers are turning TikTok into a malware delivery tool.
From ClickFix to fake Spotify "boosts"—hackers are now using AI-generated TikToks to trick users into running malicious commands. One video got 500K views before takedown.
See full report → https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html
From ClickFix to fake Spotify "boosts"—hackers are now using AI-generated TikToks to trick users into running malicious commands. One video got 500K views before takedown.
See full report → https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html
😁40👍23😱21🤯7
🚨 Fake installers, real threat — Malware hidden in trojanized QQ Browser & LetsVPN setups drops Winos 4.0, a stealthy RAT built for memory-only attacks.
Signed with expired certs. Linked to Chinese-speaking targets & APT Silver Fox.
👀 Full scoop → https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html
Signed with expired certs. Linked to Chinese-speaking targets & APT Silver Fox.
👀 Full scoop → https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html
🔥26👍6🤯1
70% of top sites drop tracking cookies even after users say no.
That’s a lawsuit waiting to happen.
This guide shows CISOs how to catch hidden privacy failures before they cost you millions.
→ Fix it now: https://thehackernews.com/2025/05/cisos-guide-to-web-privacy-validation.html
That’s a lawsuit waiting to happen.
This guide shows CISOs how to catch hidden privacy failures before they cost you millions.
→ Fix it now: https://thehackernews.com/2025/05/cisos-guide-to-web-privacy-validation.html
👍10😁9😱3
🚨 Malware is hiding in your dev tools. 70+ npm & VS Code packages were caught stealing data, wiping files, even triggering shutdowns.
Hackers used trusted names to slip through.
Your next install could be a trap.
→ Audit often.
→ Trust less.
🔗Read: https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html
Hackers used trusted names to slip through.
Your next install could be a trap.
→ Audit often.
→ Trust less.
🔗Read: https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html
😁14👍10🔥6🤯5
⚡ New this week in cybersecurity RECAP:
– Chrome extensions hijacking sessions
– AI assistants leaking code
– State actors exploiting SaaS
– 20+ critical CVEs
You can't protect what you ignore.
Read the recap now → https://thehackernews.com/2025/05/weekly-recap-apt-campaigns-browser.html
– Chrome extensions hijacking sessions
– AI assistants leaking code
– State actors exploiting SaaS
– 20+ critical CVEs
You can't protect what you ignore.
Read the recap now → https://thehackernews.com/2025/05/weekly-recap-apt-campaigns-browser.html
👍25😁1
🚨 Russia-linked TAG-110 is now hitting Tajikistan with macro-laced Word docs—ditching old methods for stealthier new ones.
Aimed at gov and research orgs, this shift signals bigger moves ahead.
New tactics. Same goal. Learn more: https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html
Aimed at gov and research orgs, this shift signals bigger moves ahead.
New tactics. Same goal. Learn more: https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html
😁10👍5🤔3🤯2🔥1
🚨 Law firms are under attack.
A stealthy group known as Luna Moth is using fake IT calls—not malware—to quietly breach systems and steal sensitive data.
No clicks needed—just trust abused.
Learn why it’s working—and how to stop it: https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html
A stealthy group known as Luna Moth is using fake IT calls—not malware—to quietly breach systems and steal sensitive data.
No clicks needed—just trust abused.
Learn why it’s working—and how to stop it: https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html
👍15😁5⚡2