CTM360 just uncovered 16,000+ malicious Android URLs tied to the evolving PlayPraetor campaign.

🛡️ 5 new variants (Phish, RAT, PWA, Phantom, Veil) now target banking, tech, and energy users globally.

The threat is expanding fast.

Read the full report: https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html

🚨 NVIDIA’s critical security fix failed!

NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359).

👀 Admins: Threat actors are watching...
✅ Patch now
✅ Audit your containers
✅ Lock down Docker APIs

Full report ➔ https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk.

Hackers can create admin accounts and fully take over vulnerable sites.

Check admin users → Remove any suspicious accounts.

👉 Full details: https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html

If you use OttoKit, update to v1.0.79 NOW.

⚡ Mobile Malware Alert — Cybersecurity researchers warn of rising threats from SpyNote, BadBazaar, and MOONSHINE malware.

➡️ SpyNote exploits fake Google Play pages to hijack Android devices — stealing data, mic, and camera access.

➡️ BadBazaar and MOONSHINE target Tibetan, Uyghur, and Taiwanese communities — tied to Chinese APT groups.

🔗 Full report: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html

🚨 23,958 IPs. 5 countries. 1 target.

Palo Alto Networks' GlobalProtect portals are under coordinated brute-force login attacks—no vulnerability yet, but the threat is real.

Urgent:
✅ Update PAN-OS
✅ Enforce MFA
✅ Harden your portals

🔗 Full story: https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html

🔥 Cyberattacks are scaling like startups — thanks to Initial Access Brokers (IABs).

🔹 In 2024, 58% of hacked access sells for under $1K.
🔹 Target sectors are widening — no one’s safe.
🔹 USA, Brazil, France top the hit list.

Cheaper access = faster, wider cyberattacks.

Details + defense tips 👉 https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html

🚨 Paper Werewolf (aka GOFFEE) is hitting Russian government, energy, and media sectors with a stealthy new weapon → PowerModul.

It hijacks systems via fake Word/PDF files → deploys PowerShell malware → pivots with Mythic agents.

Read: https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html

⚡ Even patching won't save you.

Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN.

Full details 👉 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

🚨 New cyber threat alert!

Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.

They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux.

Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

AI is already rewriting cybersecurity—and most defenders are unprepared.

Hackers are using AI to automate attacks in minutes, while security teams still react manually.

The new arms race isn’t humans vs. humans.

It’s AI vs. AI.

Learn more → https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html

🔥 Defenses can fail. Trusted tools can turn.

This week's newsletter covers how breaches happen before you even know they're possible.

⚡ Read and prepare → https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html

🚨 Precision-targeted attacks are validating emails in real-time before stealing credentials.

🔍 Only verified, high-value accounts see fake login screens. No email? You’re redirected to Wikipedia to dodge detection.

Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html

🚨 Threat ALERT: ResolverRAT is hitting healthcare and pharma sectors hard — phishing, fear-bait, stealth attacks.

🛡️ Sophisticated multi-stage RAT
🌐 Localized lures: Hindi, Italian, Turkish + more
🕵️‍♂️ Advanced evasion: encryption, IP rotation, memory-only payload

🔗 Read: https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html

🔥 Meta’s AI is coming for your public posts — but you can still opt out.

Starting this week, Meta is using public EU content from Facebook, Instagram & more (comments, posts, AI chats — not DMs).

Regulators approved it after a 1-year pause. Opt-out links are rolling out. Check your app or email.

👉 Act now → https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html

🚨 Alert — A 9.0 CVSS flaw in Gladinet’s CentreStack also affects Triofox—both used for remote access.

Attackers exploited it as a zero-day in March, hitting 7 orgs by April 11.

🔑 Root cause: Hardcoded crypto keys → enabled RCE via PowerShell + DLL sideloading

🔗 Read: https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html

🚨 Hired by Hackers?

Devs on LinkedIn targeted in stealth malware attacks disguised as job offers.

Slow Pisces, linked to North Korea’s Bybit hack (Feb 2025), is now luring coders with fake challenges to drop RN Stealer—a macOS info-stealer pulling iCloud, SSH, and cloud config files.

➡️ Learn how it works: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html

🚨 Apache Roller Hit by 10.0 CVSS Flaw!

Old sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.

All versions ≤6.1.4 affected.

👉 Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html

🔒 Fixed in v6.1.5. Patch now.

🚨 Your biggest enterprise risk might be hiding in plain sight — THE BROWSER EXTENSIONS.

👀 99% of employees use them
👀 53% access sensitive data
👀 54% have unknown publishers

🔥 Your entire org could be one extension away from compromise.

🔗 Act now → Audit, assess, and lock down. Learn how: https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html

Sophisticated phishing attacks are now routinely bypassing MFA, SSO, and multiple security layers across email, network, and endpoints.

Join the latest webinar from Push Security to learn why phishing attacks are more attractive than ever for attackers in 2025 — and what you can do to stop it.

Register here 👉 https://thn.news/phishing-webinar-it

⚠️ UNC5174 (aka Uteus), tied to China, is quietly breaching Linux & macOS systems using SNOWLIGHT malware + a fake Cloudflare app (VShell).

🔍 Targets: 20+ nations | Sectors: Gov, finance, defense
🛠 Tactics: Open-source tools, fileless payloads, fake authenticator apps
👀 Risk: Remote control, in-memory attacks, hard-to-trace

🔗 Full details: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html