🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case

Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.

💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers

He faces up to 30 years in prison.

👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html

🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites

A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files.

🔗 Full details → https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html

🚨 Google Calendar… as malware C2? You read that right.

Chinese APT41 hackers hijacked a govt site to launch a stealth campaign using malware dubbed TOUGHPROGRESS—leveraging Google Calendar events to send commands & exfiltrate data.

Find details here — https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html

🎭 Phishing scams are down 20%—but don’t celebrate yet.

Hackers are now using GenAI to launch hyper-targeted attacks on HR and finance teams. The game changed. Are your defenses ready for what’s coming next?

🛡️ Read the full 2025 report: https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html

🚨 UPDATE: 9,000 ASUS routers hijacked in silent global attack. Hackers gained persistent access using a known flaw—no malware, no alerts.

Linked to the same group behind the Cisco honeypot botnet.

The real plan? It’s just starting... 👀

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

🚨 Hackers hijacked a trusted IT tool to launch ransomware attacks across multiple companies in a supply chain breach.

👀 The twist? Another cyber gang may have quietly opened the door. The ransomware underworld is shifting.

Learn more: https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html

🧬 New Malware Alert: Hides Using Broken File Headers!

Fortinet just uncovered a remote access trojan (RAT) that ran unnoticed for weeks—using corrupted DOS & PE headers to avoid detection.

🖥️ Turns your PC into a remote access hub
🔁 Supports multiple attacker sessions
🔐 Uses TLS to stay stealthy

🔗 Read the full story: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html

At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend our June 12 webinar.

Sign up now: https://thn.news/cyber-risk-2025-ig

🚨 AI tools are the new bait!

Fake ChatGPT & InVideo AI installers are spreading ransomware & destructive malware like CyberLock, Lucky_Gh0$t, and Numero.

Hackers are weaponizing AI hype. Don't trust free tools from shady links.

🔗Details: https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html

🚨 Fake News, Real Threats!

Meta just shut down 3 secret influence ops from Iran, China, and Romania using fake accounts, AI, and hashtags to sway public opinion.

👁‍🗨 658 fake Facebook accounts.
🎭 AI-generated profiles.

One Iranian campaign tied to Storm-2035 even misused ChatGPT to spread polarizing propaganda.

🔗 Read details — https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html

🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor.

Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers.

Stay ALERT | Read details: https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html

🚨 The U.S. Treasury has sanctioned Funnull, a Philippines-based firm powering thousands of crypto scams—causing over $200M in U.S. losses.

The twist? They used AWS and Azure to host fake sites at scale.

🔹 332K+ domains
🔹 548 spoofed brands
🔹 Avg. victim loss: $150K+

Don’t get played: https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html

UPDATE — Two PoC exploits for the BadSuccessor flaw in Windows Server 2025 are now public.

⚠️ One enables stealthy privilege escalation with just a Kerberos ticket
⚠️ SharpSuccessor lets low-priv users gain domain admin via CreateChild rights

Read: https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html

🔥 China-backed hackers are on the move.

Earth Lamia is hitting govts, IT firms & universities in 🇮🇳 🇧🇷 🇻🇳 🇵🇭 🇹🇭 using 9 exploits—incl. SAP NetWeaver & TeamCity.

⚠️ SQL injections
⚠️ Custom malware
⚠️ Ransomware… then delete it?

Full story 👉 https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html

👀 “We never drop tools. We use yours.” — BlackBasta ransomware.

A new Bitdefender analysis of 700,000 incidents reveals this chilling truth: 84% of major cyberattacks use Living Off the Land tools like netsh.exe, powershell.exe, wmic.exe.

🔗 Read the report: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

“Healthcare loves to walk backwards into the future.” – Jason Elrod, CISO, MultiCare Health System.

Legacy IT nearly broke care delivery. But with identity-based microsegmentation, Elrod flipped the script:
✅ 30K staff
✅ 14 hospitals
✅ Zero downtime
✅ 238% ROI

Security shouldn't be a roadblock—it should be a bridge.

See how MultiCare did it → https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html

🚨 “Prove you're not a robot” — turns into full system breach!

Hackers are using fake CAPTCHA checks to deploy a stealthy new Rust malware, EDDIESTEALER, via ClickFix—a social engineering trick abusing PowerShell on Windows.

🎯 Targets: Passwords, crypto wallets, cookies, and more.

🔗 Full report: https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

🚨 Global cybercrime tool taken down.

On May 27, 2025, U.S., Dutch, and Finnish authorities seized domains like AvCheck[.]net, used by hackers to hide malware from antivirus tools.

👀 The twist? These “security checkers” claimed to detect threats—but were secretly helping cybercriminals stay invisible.

🔗 Details: https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html

🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes.

Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling.

A simple race—triggered at just the right time—can leak /etc/shadow data.

PoC is public. Mitigations exist.

Read: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

👀 “Strategic Opportunity” or Silent Backdoor?

CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access.

It’s legit software. Weaponized.

Learn more: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

Cyberattacks are getting smarter—not louder.

APTs, AI malware, and browser hijacks are slipping in through trusted tools.

We’ve cut through the noise—here are the key exploits, CVEs, and tactics to know.

🔗 Read latest weekly recap: https://thehackernews.com/2025/06/weekly-recap-apt-intrusions-ai-malware.html