π¨ New cyber threat alert!
Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.
They're now using MSI packagesβditching old methodsβto steal browser data, files, and credentials across Windows & Linux.
Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html
Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT.
They're now using MSI packagesβditching old methodsβto steal browser data, files, and credentials across Windows & Linux.
Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html
π19π₯10π7π€4π1
AI is already rewriting cybersecurityβand most defenders are unprepared.
Hackers are using AI to automate attacks in minutes, while security teams still react manually.
The new arms race isnβt humans vs. humans.
Itβs AI vs. AI.
Learn more β https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html
Hackers are using AI to automate attacks in minutes, while security teams still react manually.
The new arms race isnβt humans vs. humans.
Itβs AI vs. AI.
Learn more β https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html
π25π€―10π8π₯7
π₯ Defenses can fail. Trusted tools can turn.
This week's newsletter covers how breaches happen before you even know they're possible.
β‘ Read and prepare β https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html
This week's newsletter covers how breaches happen before you even know they're possible.
β‘ Read and prepare β https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html
π₯14π7
π¨ Precision-targeted attacks are validating emails in real-time before stealing credentials.
π Only verified, high-value accounts see fake login screens. No email? Youβre redirected to Wikipedia to dodge detection.
Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html
π Only verified, high-value accounts see fake login screens. No email? Youβre redirected to Wikipedia to dodge detection.
Learn more: https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html
π23π6π±1
π¨ Threat ALERT: ResolverRAT is hitting healthcare and pharma sectors hard β phishing, fear-bait, stealth attacks.
π‘οΈ Sophisticated multi-stage RAT
π Localized lures: Hindi, Italian, Turkish + more
π΅οΈββοΈ Advanced evasion: encryption, IP rotation, memory-only payload
π Read: https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html
π‘οΈ Sophisticated multi-stage RAT
π Localized lures: Hindi, Italian, Turkish + more
π΅οΈββοΈ Advanced evasion: encryption, IP rotation, memory-only payload
π Read: https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html
π28π₯4π1
π₯ Metaβs AI is coming for your public posts β but you can still opt out.
Starting this week, Meta is using public EU content from Facebook, Instagram & more (comments, posts, AI chats β not DMs).
Regulators approved it after a 1-year pause. Opt-out links are rolling out. Check your app or email.
π Act now β https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html
Starting this week, Meta is using public EU content from Facebook, Instagram & more (comments, posts, AI chats β not DMs).
Regulators approved it after a 1-year pause. Opt-out links are rolling out. Check your app or email.
π Act now β https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html
π€13π7π±2π€―1
π¨ Alert β A 9.0 CVSS flaw in Gladinetβs CentreStack also affects Triofoxβboth used for remote access.
Attackers exploited it as a zero-day in March, hitting 7 orgs by April 11.
π Root cause: Hardcoded crypto keys β enabled RCE via PowerShell + DLL sideloading
π Read: https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html
Attackers exploited it as a zero-day in March, hitting 7 orgs by April 11.
π Root cause: Hardcoded crypto keys β enabled RCE via PowerShell + DLL sideloading
π Read: https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html
π16
π¨ Hired by Hackers?
Devs on LinkedIn targeted in stealth malware attacks disguised as job offers.
Slow Pisces, linked to North Koreaβs Bybit hack (Feb 2025), is now luring coders with fake challenges to drop RN Stealerβa macOS info-stealer pulling iCloud, SSH, and cloud config files.
β‘οΈ Learn how it works: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html
Devs on LinkedIn targeted in stealth malware attacks disguised as job offers.
Slow Pisces, linked to North Koreaβs Bybit hack (Feb 2025), is now luring coders with fake challenges to drop RN Stealerβa macOS info-stealer pulling iCloud, SSH, and cloud config files.
β‘οΈ Learn how it works: https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html
π13
π¨ Apache Roller Hit by 10.0 CVSS Flaw!
Old sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.
All versions β€6.1.4 affected.
π Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
π Fixed in v6.1.5. Patch now.
Old sessions stay active even after a password change (CVE-2025-24859). Hackers can keep access silently.
All versions β€6.1.4 affected.
π Full details: https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html
π Fixed in v6.1.5. Patch now.
π14π5
π¨ Your biggest enterprise risk might be hiding in plain sight β THE BROWSER EXTENSIONS.
π 99% of employees use them
π 53% access sensitive data
π 54% have unknown publishers
π₯ Your entire org could be one extension away from compromise.
π Act now β Audit, assess, and lock down. Learn how: https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html
π 99% of employees use them
π 53% access sensitive data
π 54% have unknown publishers
π₯ Your entire org could be one extension away from compromise.
π Act now β Audit, assess, and lock down. Learn how: https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html
π₯13π10π6
Sophisticated phishing attacks are now routinely bypassing MFA, SSO, and multiple security layers across email, network, and endpoints.
Join the latest webinar from Push Security to learn why phishing attacks are more attractive than ever for attackers in 2025 β and what you can do to stop it.
Register here π https://thn.news/phishing-webinar-it
Join the latest webinar from Push Security to learn why phishing attacks are more attractive than ever for attackers in 2025 β and what you can do to stop it.
Register here π https://thn.news/phishing-webinar-it
π10π2
β οΈ UNC5174 (aka Uteus), tied to China, is quietly breaching Linux & macOS systems using SNOWLIGHT malware + a fake Cloudflare app (VShell).
π Targets: 20+ nations | Sectors: Gov, finance, defense
π Tactics: Open-source tools, fileless payloads, fake authenticator apps
π Risk: Remote control, in-memory attacks, hard-to-trace
π Full details: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html
π Targets: 20+ nations | Sectors: Gov, finance, defense
π Tactics: Open-source tools, fileless payloads, fake authenticator apps
π Risk: Remote control, in-memory attacks, hard-to-trace
π Full details: https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html
π21π1
"Your firewall wonβt save you."
Hackers are using ChatGPT to craft phishing lures & scan attack surfaces.
Meanwhile, most orgs still cling to VPNs & 30-year-old security models.
π₯ Zero Trust + AI isnβt hype β itβs survival.
Donβt fall behind: https://thehackernews.com/expert-insights/2025/04/rethinking-cyber-defense-with-zero.html
Hackers are using ChatGPT to craft phishing lures & scan attack surfaces.
Meanwhile, most orgs still cling to VPNs & 30-year-old security models.
π₯ Zero Trust + AI isnβt hype β itβs survival.
Donβt fall behind: https://thehackernews.com/expert-insights/2025/04/rethinking-cyber-defense-with-zero.html
π13π7π€―3
π CRITICAL ALERT β U.S. funding for MITREβs CVE vulnerability database program ends Wednesday.
MITRE warns: no funding = no new CVEs, degraded threat advisories, and slower incident response.
π οΈ CVEs power security tools, alerts, and patching across critical infrastructure.
π Without it, defenders lose a key part of their playbook.
π Full story β https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html
MITRE warns: no funding = no new CVEs, degraded threat advisories, and slower incident response.
π οΈ CVEs power security tools, alerts, and patching across critical infrastructure.
π Without it, defenders lose a key part of their playbook.
π Full story β https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html
π€―38π€7π6π4π₯3π±3β‘2π1
π¨ New Android Phones, Pre-Loaded with Malware?!
Since June 2024, cheap Androids from Chinese brands like SHOWJI come with trojanized WhatsApp/Telegram apps out of the box.
π± Fake models: βS24 Ultraβ, βNote 13 Proβ, etc.
πΈ Malware replaces your crypto wallet address in chats
π§ Scans your images for mnemonic phrases
π° Hackers netted $1.6M+ via 40+ infected apps & 60+ C2 servers
π Check the list & protect your crypto β https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html
Since June 2024, cheap Androids from Chinese brands like SHOWJI come with trojanized WhatsApp/Telegram apps out of the box.
π± Fake models: βS24 Ultraβ, βNote 13 Proβ, etc.
πΈ Malware replaces your crypto wallet address in chats
π§ Scans your images for mnemonic phrases
π° Hackers netted $1.6M+ via 40+ infected apps & 60+ C2 servers
π Check the list & protect your crypto β https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html
π12π6π₯3
π¨ BPFDoor is backβwith a stealthy new controller in play.
A fresh wave of BPFDoor attacks has hit telecom, finance & retail sectors in π°π·π²πΎππ°π²π²πͺπ¬ β using a stealth controller that opens reverse shells & moves laterally inside Linux networks.
π Read β https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html
A fresh wave of BPFDoor attacks has hit telecom, finance & retail sectors in π°π·π²πΎππ°π²π²πͺπ¬ β using a stealth controller that opens reverse shells & moves laterally inside Linux networks.
π Read β https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html
π11π₯3
β οΈ Why hack inβ¦ when you can just log in?
80% of breaches stem from SaaS identity misconfigurations.
One compromised account can trigger a chain: Entra ID takeover β GitHub exfiltration β Slack leaks
Wing Security gives full SaaS visibilityβno agents, no blind spots.
β Identity & app mapping
β Real-time threat detection
β Full attack timeline
π See how it works: https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html
80% of breaches stem from SaaS identity misconfigurations.
One compromised account can trigger a chain: Entra ID takeover β GitHub exfiltration β Slack leaks
Wing Security gives full SaaS visibilityβno agents, no blind spots.
β Identity & app mapping
β Real-time threat detection
β Full attack timeline
π See how it works: https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html
π9π5
β οΈ Hackers are abusing AI tool Gamma to craft fake presentations that lead you to spoofed Microsoft SharePoint loginsβand even fake CAPTCHA pages to dodge security scans.
πDetails: https://thehackernews.com/2025/04/ai-powered-gamma-used-to-host-microsoft.html
πDetails: https://thehackernews.com/2025/04/ai-powered-gamma-used-to-host-microsoft.html
π8π5π2π₯1π€1
π¨ Supply chain cyberattacks are exploding β and hitting where it hurts most: healthcare, retail, energy.
π¦ One breach = millions exposed.
The risk? Vendors are the backdoor. Hackers are walking right in.
Learn whatβs driving this wave and how to stay ahead: https://thehackernews.com/2025/04/from-third-party-vendors-to-us-tariffs.html
π¦ One breach = millions exposed.
The risk? Vendors are the backdoor. Hackers are walking right in.
Learn whatβs driving this wave and how to stay ahead: https://thehackernews.com/2025/04/from-third-party-vendors-to-us-tariffs.html
π10π3π₯2π€―1
π Google blocked 5.1B bad ads and banned 39.2M advertiser accounts in 2024.
AI flagged scams, deepfakes, and fraud at scaleβ700K accounts suspended for impersonating public figures alone.
π 5.1B bad ads blocked
π 9.1B restricted
π« 1.3B pages hit
π€ 5M+ scam accounts suspended
π€ AI flagged 700K deepfake scams
π Full story: https://thehackernews.com/2025/04/google-blocked-51b-harmful-ads-and.html
AI flagged scams, deepfakes, and fraud at scaleβ700K accounts suspended for impersonating public figures alone.
π 5.1B bad ads blocked
π 9.1B restricted
π« 1.3B pages hit
π€ 5M+ scam accounts suspended
π€ AI flagged 700K deepfake scams
π Full story: https://thehackernews.com/2025/04/google-blocked-51b-harmful-ads-and.html
π20π6π₯5β‘1π€1