🚨 They’re back. Russian threat group FIN7 is using Anubis—a lightweight Python backdoor that grants full remote access to Windows machines without leaving detectable files.

It runs entirely in memory, evades most defenses, and can steal passwords, take screenshots, and exfiltrate data—all masked with Base64 and hosted on compromised SharePoint sites.

🔗 Full analysis: https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html

🔥 New Linux botnet ALERT!

Outlaw—a Romanian-linked group—is actively hijacking SSH servers to mine crypto via auto-spreading malware.

– Targets servers with weak SSH creds
– Uses BLITZ to self-propagate
– Installs SHELLBOT for remote control, DDoS, and data theft
– Exploits old bugs like Dirty COW (CVE-2016-5195)

🔗 Full report: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

53.5% of websites have weak SSL.

Not firewalls. Not zero-days. Just bad encryption setups.

👀 That’s how attackers walk in the front door.
SSL misconfigs = MITM attacks, eavesdropping & breaches.

🔥 Your attack surface is growing. Fix it before it spreads.

🔗 Learn more: https://thehackernews.com/2025/04/how-ssl-misconfigurations-impact-your.html

🔥 93% of service providers struggle with cybersecurity compliance.

Only 2% feel confident. That’s a problem—and an opportunity.

This guide breaks down NIST compliance into clear, doable steps for MSPs & MSSPs.

✅ Find gaps
✅ Automate tasks
✅ Build client trust
✅ Cut manual work by 70%

Start here → https://thehackernews.com/2025/04/helping-your-clients-achieve-nist.html

👀 New Google Cloud vulnerability exposed private containers—now patched.

A flaw in Google Cloud Run (ImageRunner) let attackers with limited access pull private images and inject malicious code.

Attackers could exploit this to steal secrets or run malicious containers.

🔗 Learn more: https://thehackernews.com/2025/04/google-fixed-cloud-run-vulnerability.html

🚨 Kidflix Taken Down!

The largest CSAM platform—1.8M users, 91K videos—has been dismantled in a global sting across 38 countries.

⚡ Operation Stream seized 72,000 files on March 11. Crypto. Tokens. Gamified abuse.
Real kids. Real crimes.

🔗 Read: https://thehackernews.com/2025/04/europol-dismantles-kidflix-with-72000.html

🚨 New web skimming campaign abuses old Stripe API to steal real credit cards

💳 49+ sites hit. Real Stripe screen, fake iframe. Cloned buttons.

Targets: WooCommerce, WordPress, PrestaShop.

🔎 Details → https://thehackernews.com/2025/04/legacy-stripe-api-exploited-to-validate.html

🛑 Think that cheap Android phone is a bargain? It might come loaded with Triada—a powerful malware pre-installed on counterfeit devices.

👀 2,600+ victims hit in just two weeks; and hackers stole 💰 $270K+ in crypto.

🔗 Learn more: https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html

🚨 New Google Quick Share flaw exposed.
📌 CVE-2024-10668

Attackers could crash your PC or send files to it without approval via Quick Share for Windows.

🔗 Learn more: https://thehackernews.com/2025/04/google-patches-quick-share.html

🚨 AI isn’t waiting for your compliance checklist.

CISOs want faster, smarter SOCs—but GRC teams hit pause. Result? Missed threats. Wasted time. Rising risk.

✅ The fix: Practical AI governance.

👉 Break the deadlock now. Read the guide: https://thehackernews.com/2025/04/ai-adoption-in-enterprise-breaking.html

🔥 North Korea’s Lazarus Group is back—with a new twist on fake job scams.

They’re using ClickFix tricks to infect crypto job seekers with GolangGhost, a stealthy Go-based backdoor hitting Windows & macOS.

Now expanding fast in Europe—with IT workers faking identities to infiltrate companies in 🇩🇪Germany, 🇵🇹Portugal & 🇬🇧UK.

🔗 Full story: https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html

🚨 Cybercriminals just got smarter. Did your defenses?

AI isn't just a tool for good—it’s a weapon in the wrong hands. Deepfake phishing, AI-powered exploits, invisible breaches—they’re already here.

If your security hasn’t adapted, you’re already behind. But there’s a way forward.

👀 Join us for our next WEBINAR
🎙️ Featuring expert from @Zscaler
💡 Learn how to outsmart AI-powered threats

Watch now → https://thehackernews.com/2025/04/ai-threats-are-evolving-fast-learn.html

Stop patching blindly. Start defending smart.

Threat-Led Vulnerability Management (TLVM) helps you focus on what attackers are actually exploiting—not just what’s labeled “critical.”

In today’s AI-fueled threat landscape, context > CVSS.
🎯 Prioritize real risks.
🛡️ Strengthen your defenses.
⏱️ Act before attackers do.

Learn how: https://thehackernews.com/expert-insights/2025/03/why-now-is-time-to-adopt-threat-led.html

🚨 Microsoft Alert: New tax-season phishing wave hits 2,300+ U.S. Companies!

Hackers are using PDFs, QR codes, and fake DocuSign pages to steal passwords and install malware like Latrodectus and Brute Ratel.

🎯 Targeted: IT, consulting, and engineering firms
📦 Malware: Remcos, AHKBot, GuLoader, more

🔗 Full story here: https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html

🚨 Massive new risk for data systems!

CVE-2025-30065 | Apache Parquet Java lib flaw (CVSS 10.0) lets attackers execute arbitrary code via poisoned files.

If your pipelines touch untrusted Parquet files, patch NOW.

Read: https://thehackernews.com/2025/04/critical-flaw-in-apache-parquet-allows.html

👀 The cloud never slows down — neither do the threats.

Wiz, now part of Google’s biggest acquisition ever, can show you in 15 mins how to secure everything from code to runtime—without adding friction.

👉 See how it works: https://thehackernews.com/videos/2025/03/wiz-15-minute-demo-secure-everything.html

⚡ CERT-UA confirms 3+ attacks on Ukraine’s government and critical systems since Fall 2024 using phishing links (DropMeFiles, Google Drive) to deploy WRECKSTEEL malware.

Cyber threats are escalating.

Read more ➔ https://thehackernews.com/2025/04/cert-ua-reports-cyberattacks-targeting.html

🔥 New Ivanti ZERO-DAY exploited in the wild — China-linked UNC5221 hits Connect Secure (CVE-2025-22457, CVSS 9.0).

💣 Exploits spotted mid-March by Mandiant.
🕵️‍♂️Malware: TRAILBLAZE, BRUSHFIRE, SPAWN.
🎯 Persistence. Credential theft. Data exfiltration.

⚡ Patch now | See full story + urgent guidance: https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html

🚨 Hackers aren’t hiding in basements anymore — they’re students with business plans.

A 19-year-old, Coquettte, used Russian bulletproof hosting to spread malware disguised as antivirus software.

An OPSEC mistake exposed ties to Horrid, a cybercrime group training new hackers.

👀 Learn more: https://thehackernews.com/2025/04/opsec-failure-exposes-coquetttes.html

🔥 10 years ago, Docker changed how we build software.

Today, Chainguard OS changes how we deliver it.

Chainguard OS:
✅ Secure upstream sources
✅ Daily updates
✅ Smaller, safer, faster

Containers evolved. Now software delivery has too.

👉 What’s next: https://thehackernews.com/2025/04/have-we-reached-distroless-tipping-point.html