🚨 5,300 routers hijacked—not to attack, but to spy.

A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch.

🔍 Exploiting CVE-2023-20118
👻 Dropping a script called NetGhost

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

Hackers are turning TikTok into a malware delivery tool.

From ClickFix to fake Spotify "boosts"—hackers are now using AI-generated TikToks to trick users into running malicious commands. One video got 500K views before takedown.

See full report → https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html

🚨 Fake installers, real threat — Malware hidden in trojanized QQ Browser & LetsVPN setups drops Winos 4.0, a stealthy RAT built for memory-only attacks.

Signed with expired certs. Linked to Chinese-speaking targets & APT Silver Fox.

👀 Full scoop → https://thehackernews.com/2025/05/hackers-use-fake-vpn-and-browser-nsis.html

70% of top sites drop tracking cookies even after users say no.

That’s a lawsuit waiting to happen.

This guide shows CISOs how to catch hidden privacy failures before they cost you millions.

→ Fix it now: https://thehackernews.com/2025/05/cisos-guide-to-web-privacy-validation.html

🚨 Malware is hiding in your dev tools. 70+ npm & VS Code packages were caught stealing data, wiping files, even triggering shutdowns.

Hackers used trusted names to slip through.

Your next install could be a trap.
→ Audit often.
→ Trust less.

🔗Read: https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html

⚡ New this week in cybersecurity RECAP:

– Chrome extensions hijacking sessions
– AI assistants leaking code
– State actors exploiting SaaS
– 20+ critical CVEs

You can't protect what you ignore.

Read the recap now → https://thehackernews.com/2025/05/weekly-recap-apt-campaigns-browser.html

🚨 Russia-linked TAG-110 is now hitting Tajikistan with macro-laced Word docs—ditching old methods for stealthier new ones.

Aimed at gov and research orgs, this shift signals bigger moves ahead.

New tactics. Same goal. Learn more: https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html

🚨 Law firms are under attack.

A stealthy group known as Luna Moth is using fake IT calls—not malware—to quietly breach systems and steal sensitive data.

No clicks needed—just trust abused.

Learn why it’s working—and how to stop it: https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html

Drive your SOC forward with solutions trusted by 15,000 businesses worldwide

✅ Get bonus licenses for ANYRUN's Interactive Sandbox
✅ Double your cyber threat investigations quota with TI Lookup

Just 4 days left 👉 https://thn.news/anyrun-plans-spring-tg

🚨 AI agents are leaking secrets—and no one's watching.

Enterprises now manage 45+ machine identities per user—from chatbots to CI/CD bots. In 2024 alone, 23.7M secrets leaked on GitHub. AI tools like Copilot worsened this by 40%.

NHIs don’t rotate keys. Don’t log off. Don’t forget.

🔒 Learn how to lock down AI agents → https://thehackernews.com/2025/05/ai-agents-and-nonhuman-identity-crisis.html

👀 Your Docker containers might be mining crypto—without you knowing.

A new malware is hijacking exposed Docker APIs, spreading like a worm, and turning systems into a crypto-mining botnet—no C2 server required.

🔍 See how it spreads: https://thehackernews.com/2025/05/new-self-spreading-malware-infects.html

🚨 Hackers built a fake Bitdefender site to push Venom RAT—stealing passwords, crypto, and control.

Behind it? A stealthy combo of open-source tools, MFA bypass tricks, and real-time phishing tactics. You won’t believe what they’re exploiting now.

Read: https://thehackernews.com/2025/05/cybercriminals-clone-antivirus-site-to_4.html

Apple blocked $9B+ in App Store fraud.

In 2024 alone:
🔥 $2B in fake transactions stopped
🚫 139K shady devs rejected
👤 129M bogus accounts banned

From malware to manipulated reviews—fraud is evolving fast.

👉 See what’s under the hood: https://thehackernews.com/2025/05/apple-blocks-9-billion-in-fraud-over-5.html

🚨 One Day. 251 IPs. 75 Targets.

Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.

CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)

See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html

🚨 A new zero-day is under attack — and it’s making money off your CMS.

Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.

Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html

⚠️ You passed MFA. But your session didn’t.

A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.

It’s fast, invisible, and bypasses MFA.

Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html

🚨 A new botnet is quietly hijacking Linux-based IoT devices.

PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.

It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.

🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html

🚨 Session hijacking just replaced password theft.

Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.

Flare analyzed 20M+ stealer logs. What they found changes everything.

👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html

🚨 WARNING →

Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.

🔓 Overly broad permissions, vague prompts. No fix yet.

🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html

🚨 China accused of cyber espionage—again.

Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.

🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html

🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case

Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.

💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers

He faces up to 30 years in prison.

👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html