The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
🚨 New NTLM flaw (CVE-2025-24054) is being actively exploited to steal Windows credentials—just by downloading a file. No clicks, no execution needed.

This "low-interaction" bug leaks NTLMv2 hashes via SMB—perfect for pass-the-hash attacks.

🔗 Details here: https://thehackernews.com/2025/04/cve-2025-24054-under-active.html
🚨 New XorDDoS Variant Targets U.S. Servers!

The malware is now hijacking Docker and Linux systems via SSH brute-force attacks.

A new “VIP” controller spotted in 2024 suggests it’s being sold as a service, expanding botnet operations.

Full story → https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
AI is already in your SaaS. The real question: Do you know where—or how risky it is?

Employees are using ChatGPT, bots, and AI tools without security oversight. Shadow AI is real—and your old playbook won’t catch it.

🔥 WEBINAR — Join AI security expert and learn:
📌 Real breach cases
⚙️ Detection strategies that actually work
🚨 What to do before your next silent breach

Join the webinar → https://thehackernews.com/2025/04/webinar-ai-is-already-inside-your-saas.html
👀 Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code.

One phishing email = 3 malware strains:
• Agent Tesla
• Remcos RAT
• XLoader

🔐 Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote access, and evasion built-in.

➡️ See the full analysis: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html
⚠️ Alert: Fake E-ZPass Texts Target Drivers in 8 U.S. States

A widespread smishing scam is tricking drivers into fake toll payments to steal card info.

🔹 Linked to China-based Smishing Triad
🔹 Phishing kits sold by CS student Wang Duo Yu
🔹 Used in 121+ countries

🔗 Full story: https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html

📵 Avoid clicking toll links in texts.
🚨 Critical ASUS Router Flaw Exposed
9.2 CVSS | Remote Hijack Risk

A new bug—CVE-2025-2492—lets attackers remotely execute functions on ASUS routers with AiCloud enabled.

🔗 Details: https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
🚨 Malware Alert for Developers!

3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data.

They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux systems. Removal ≠ protection—SSH keys stay behind.

Learn more: https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html
🚨 Russia’s APT29 hits EU diplomats with new malware disguised as wine-tasting invites.

🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access

🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
🚨 Surge in cyberattacks tied to Russian bulletproof host Proton66 since Jan 8, 2025.

New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.

Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.

Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.

🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
⚠️ Hold your phone near your card... and they drain your bank account.

A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.

👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.
🚨 Your MDM isn’t enough. Most breaches start with a device you can’t see.

Unmanaged laptops, outdated personal phones, misconfigured tools—attackers love them.
MDM/EDR miss the mark.

Device Trust closes the gap.

👀 See how: https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html
🕵️‍♂️ Kimsuky is back—and digging deep.

A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.

Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
💣 Lotus Panda, a China-linked APT, breached key sectors across Southeast Asia—govt, telecom, air traffic—from Aug 2024 to Feb 2025.

New tools. Stolen Chrome data. Hijacked legit software.

Read full report 👉 https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html
⚠️ AI is Supercharging DDoS Attacks.

Hackers now use AI to launch smarter, harder-to-stop DDoS attacks. Most defenses fail because they’re poorly set up — not because they’re weak.

🔗 Free DDoS Threat Check → https://thehackernews.com/expert-insights/2025/04/how-ai-and-iot-are-supercharging-ddos.html
🔥 Microsoft boosts security after major China-backed breach.

—MSA sign-ins moved to Azure confidential VMs

—92% of staff now use phishing-resistant MFA

—81% of code branches protected with proof-of-presence

—New Quick Machine Recovery auto-fixes Windows boot failures

See details: https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html
🚨 Signed by Google. Hosted by Google. Hijacked by Hackers.

👀 Hackers sent real emails from [email protected] — fully verified, signed, no warnings. Victims handed over passwords, believing it was legit.

✔️ Real Google email
✔️ Fake login on Google Sites
✔️ Passed DKIM, SPF, DMARC

🔗 Full story: https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html
Each user is unique. Their security should be too.

Join Bitdefender on April 23 for the LIVE launch of GravityZone PHASR — a breakthrough in reducing employee attack surfaces by up to 95%.

🔒 Adaptive, user-focused protection
🎥 Live demo + expert insights

📅 Secure your spot here: https://thn.news/gravityzone-bitdefender-x
🛑 Privilege Escalation in Google Cloud!

A serious bug in Cloud Composer (GCP) let attackers with edit access take control of key services like Cloud Storage and Artifact Registry by uploading malicious code.

🔗 Read this story here: https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html
👀 Browsers are the new battleground. 70% of modern malware starts here, yet most organizations overlook it.

AI tools, phishing, shadow IT, and risky extensions hide in plain sight.

Legacy security is inadequate. Monitor where work happens—the browser.

👉 Explore new risks. Read: https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html