Apple blocked $9B+ in App Store fraud.

In 2024 alone:
🔥 $2B in fake transactions stopped
🚫 139K shady devs rejected
👤 129M bogus accounts banned

From malware to manipulated reviews—fraud is evolving fast.

👉 See what’s under the hood: https://thehackernews.com/2025/05/apple-blocks-9-billion-in-fraud-over-5.html

🚨 One Day. 251 IPs. 75 Targets.

Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.

CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)

See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html

🚨 A new zero-day is under attack — and it’s making money off your CMS.

Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.

Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html

⚠️ You passed MFA. But your session didn’t.

A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.

It’s fast, invisible, and bypasses MFA.

Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html

🚨 A new botnet is quietly hijacking Linux-based IoT devices.

PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.

It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.

🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html

🚨 Session hijacking just replaced password theft.

Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.

Flare analyzed 20M+ stealer logs. What they found changes everything.

👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html

🚨 WARNING →

Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.

🔓 Overly broad permissions, vague prompts. No fix yet.

🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html

🚨 China accused of cyber espionage—again.

Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.

🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html

🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case

Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.

💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers

He faces up to 30 years in prison.

👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html

🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites

A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files.

🔗 Full details → https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html

🚨 Google Calendar… as malware C2? You read that right.

Chinese APT41 hackers hijacked a govt site to launch a stealth campaign using malware dubbed TOUGHPROGRESS—leveraging Google Calendar events to send commands & exfiltrate data.

Find details here — https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html

🎭 Phishing scams are down 20%—but don’t celebrate yet.

Hackers are now using GenAI to launch hyper-targeted attacks on HR and finance teams. The game changed. Are your defenses ready for what’s coming next?

🛡️ Read the full 2025 report: https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html

🚨 UPDATE: 9,000 ASUS routers hijacked in silent global attack. Hackers gained persistent access using a known flaw—no malware, no alerts.

Linked to the same group behind the Cisco honeypot botnet.

The real plan? It’s just starting... 👀

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

🚨 Hackers hijacked a trusted IT tool to launch ransomware attacks across multiple companies in a supply chain breach.

👀 The twist? Another cyber gang may have quietly opened the door. The ransomware underworld is shifting.

Learn more: https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html

🧬 New Malware Alert: Hides Using Broken File Headers!

Fortinet just uncovered a remote access trojan (RAT) that ran unnoticed for weeks—using corrupted DOS & PE headers to avoid detection.

🖥️ Turns your PC into a remote access hub
🔁 Supports multiple attacker sessions
🔐 Uses TLS to stay stealthy

🔗 Read the full story: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html

At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend our June 12 webinar.

Sign up now: https://thn.news/cyber-risk-2025-ig

🚨 AI tools are the new bait!

Fake ChatGPT & InVideo AI installers are spreading ransomware & destructive malware like CyberLock, Lucky_Gh0$t, and Numero.

Hackers are weaponizing AI hype. Don't trust free tools from shady links.

🔗Details: https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html

🚨 Fake News, Real Threats!

Meta just shut down 3 secret influence ops from Iran, China, and Romania using fake accounts, AI, and hashtags to sway public opinion.

👁‍🗨 658 fake Facebook accounts.
🎭 AI-generated profiles.

One Iranian campaign tied to Storm-2035 even misused ChatGPT to spread polarizing propaganda.

🔗 Read details — https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html

🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor.

Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers.

Stay ALERT | Read details: https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html

🚨 The U.S. Treasury has sanctioned Funnull, a Philippines-based firm powering thousands of crypto scams—causing over $200M in U.S. losses.

The twist? They used AWS and Azure to host fake sites at scale.

🔹 332K+ domains
🔹 548 spoofed brands
🔹 Avg. victim loss: $150K+

Don’t get played: https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html

UPDATE — Two PoC exploits for the BadSuccessor flaw in Windows Server 2025 are now public.

⚠️ One enables stealthy privilege escalation with just a Kerberos ticket
⚠️ SharpSuccessor lets low-priv users gain domain admin via CreateChild rights

Read: https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html