🚨 Russia-linked TAG-110 is now hitting Tajikistan with macro-laced Word docs—ditching old methods for stealthier new ones.
Aimed at gov and research orgs, this shift signals bigger moves ahead.
New tactics. Same goal. Learn more: https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html
🚨 Law firms are under attack.
A stealthy group known as Luna Moth is using fake IT calls—not malware—to quietly breach systems and steal sensitive data.
No clicks needed—just trust abused.
Learn why it’s working—and how to stop it: https://thehackernews.com/2025/05/hackers-are-calling-your-office-fbi.html
Drive your SOC forward with solutions trusted by 15,000 businesses worldwide
✅ Get bonus licenses for ANYRUN's Interactive Sandbox
✅ Double your cyber threat investigations quota with TI Lookup
Just 4 days left 👉 https://thn.news/anyrun-plans-spring-tg
🚨 AI agents are leaking secrets—and no one's watching.
Enterprises now manage 45+ machine identities per user—from chatbots to CI/CD bots. In 2024 alone, 23.7M secrets leaked on GitHub. AI tools like Copilot worsened this by 40%.
NHIs don’t rotate keys. Don’t log off. Don’t forget.
🔒 Learn how to lock down AI agents → https://thehackernews.com/2025/05/ai-agents-and-nonhuman-identity-crisis.html
👀 Your Docker containers might be mining crypto—without you knowing.
A new malware is hijacking exposed Docker APIs, spreading like a worm, and turning systems into a crypto-mining botnet—no C2 server required.
🔍 See how it spreads: https://thehackernews.com/2025/05/new-self-spreading-malware-infects.html
🚨 Hackers built a fake Bitdefender site to push Venom RAT—stealing passwords, crypto, and control.
Behind it? A stealthy combo of open-source tools, MFA bypass tricks, and real-time phishing tactics. You won’t believe what they’re exploiting now.
Read: https://thehackernews.com/2025/05/cybercriminals-clone-antivirus-site-to_4.html
Apple blocked $9B+ in App Store fraud.
In 2024 alone:
🔥 $2B in fake transactions stopped
🚫 139K shady devs rejected
👤 129M bogus accounts banned
From malware to manipulated reviews—fraud is evolving fast.
👉 See what’s under the hood: https://thehackernews.com/2025/05/apple-blocks-9-billion-in-fraud-over-5.html
🚨 One Day. 251 IPs. 75 Targets.
Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.
CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)
See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html
🚨 A new zero-day is under attack — and it’s making money off your CMS.
Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.
Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html
⚠️ You passed MFA. But your session didn’t.
A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.
It’s fast, invisible, and bypasses MFA.
Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html
🚨 A new botnet is quietly hijacking Linux-based IoT devices.
PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.
It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.
🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html
🚨 Session hijacking just replaced password theft.
Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.
Flare analyzed 20M+ stealer logs. What they found changes everything.
👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html
🚨 WARNING →
Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.
🔓 Overly broad permissions, vague prompts. No fix yet.
🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html
🚨 China accused of cyber espionage—again.
Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.
🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html
🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case
Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.
💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers
He faces up to 30 years in prison.
👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html
🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites
A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files.
🔗 Full details → https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html
🚨 Google Calendar… as malware C2? You read that right.
Chinese APT41 hackers hijacked a govt site to launch a stealth campaign using malware dubbed TOUGHPROGRESS—leveraging Google Calendar events to send commands & exfiltrate data.
Find details here — https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html
🎭 Phishing scams are down 20%—but don’t celebrate yet.
Hackers are now using GenAI to launch hyper-targeted attacks on HR and finance teams. The game changed. Are your defenses ready for what’s coming next?
🛡️ Read the full 2025 report: https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html
🚨 UPDATE: 9,000 ASUS routers hijacked in silent global attack. Hackers gained persistent access using a known flaw—no malware, no alerts.
Linked to the same group behind the Cisco honeypot botnet.
The real plan? It’s just starting... 👀
Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html
🚨 Hackers hijacked a trusted IT tool to launch ransomware attacks across multiple companies in a supply chain breach.
👀 The twist? Another cyber gang may have quietly opened the door. The ransomware underworld is shifting.
Learn more: https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html
🧬 New Malware Alert: Hides Using Broken File Headers!
Fortinet just uncovered a remote access trojan (RAT) that ran unnoticed for weeks—using corrupted DOS & PE headers to avoid detection.
🖥️ Turns your PC into a remote access hub
🔁 Supports multiple attacker sessions
🔐 Uses TLS to stay stealthy
🔗 Read the full story: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html