👀 Attackers are now using multi-stage payloads that slip past detection—via simple tricks, not complex code.

One phishing email = 3 malware strains:
• Agent Tesla
• Remcos RAT
• XLoader

🔐 Plus: a new MysterySnail variant is targeting Mongolia & Russia—40+ commands, remote access, and evasion built-in.

➡️ See the full analysis: https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html

⚠️ Alert: Fake E-ZPass Texts Target Drivers in 8 U.S. States

A widespread smishing scam is tricking drivers into fake toll payments to steal card info.

🔹 Linked to China-based Smishing Triad
🔹 Phishing kits sold by CS student Wang Duo Yu
🔹 Used in 121+ countries

🔗 Full story: https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html

📵 Avoid clicking toll links in texts.

🚨 Critical ASUS Router Flaw Exposed
9.2 CVSS | Remote Hijack Risk

A new bug—CVE-2025-2492—lets attackers remotely execute functions on ASUS routers with AiCloud enabled.

🔗 Details: https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html

🚨 Malware Alert for Developers!

3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data.

They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux systems. Removal ≠ protection—SSH keys stay behind.

Learn more: https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html

🚨 Russia’s APT29 hits EU diplomats with new malware disguised as wine-tasting invites.

🍷 GRAPELOADER is a stealthy first-stage loader hidden in “wine-zip”
🎯 Targets: European Ministries of Foreign Affairs
🔄 Launches WINELOADER for deep system access

🔗 Full report: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html

🚨 Surge in cyberattacks tied to Russian bulletproof host Proton66 since Jan 8, 2025.

New research links it to brute-force, malware, ransomware—even traffic routed via Kaspersky Lab’s network path.

Attackers exploit 2024–25 zero-days, deploy SuperBlack & WeaXor ransomware, and run phishing via hacked WordPress sites.

Learn more: https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html

⚡ From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.

🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html

⚠️ Hold your phone near your card... and they drain your bank account.

A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.

👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.

🚨 Your MDM isn’t enough. Most breaches start with a device you can’t see.

Unmanaged laptops, outdated personal phones, misconfigured tools—attackers love them.
MDM/EDR miss the mark.

Device Trust closes the gap.

👀 See how: https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html

🕵️‍♂️ Kimsuky is back—and digging deep.

A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.

Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html

💣 Lotus Panda, a China-linked APT, breached key sectors across Southeast Asia—govt, telecom, air traffic—from Aug 2024 to Feb 2025.

New tools. Stolen Chrome data. Hijacked legit software.

Read full report 👉 https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html

⚠️ AI is Supercharging DDoS Attacks.

Hackers now use AI to launch smarter, harder-to-stop DDoS attacks. Most defenses fail because they’re poorly set up — not because they’re weak.

🔗 Free DDoS Threat Check → https://thehackernews.com/expert-insights/2025/04/how-ai-and-iot-are-supercharging-ddos.html

🔥 Microsoft boosts security after major China-backed breach.

—MSA sign-ins moved to Azure confidential VMs

—92% of staff now use phishing-resistant MFA

—81% of code branches protected with proof-of-presence

—New Quick Machine Recovery auto-fixes Windows boot failures

See details: https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html

🚨 Signed by Google. Hosted by Google. Hijacked by Hackers.

👀 Hackers sent real emails from [email protected] — fully verified, signed, no warnings. Victims handed over passwords, believing it was legit.

✔️ Real Google email
✔️ Fake login on Google Sites
✔️ Passed DKIM, SPF, DMARC

🔗 Full story: https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html

Each user is unique. Their security should be too.

Join Bitdefender on April 23 for the LIVE launch of GravityZone PHASR — a breakthrough in reducing employee attack surfaces by up to 95%.

🔒 Adaptive, user-focused protection
🎥 Live demo + expert insights

📅 Secure your spot here: https://thn.news/gravityzone-bitdefender-x

🛑 Privilege Escalation in Google Cloud!

A serious bug in Cloud Composer (GCP) let attackers with edit access take control of key services like Cloud Storage and Artifact Registry by uploading malicious code.

🔗 Read this story here: https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html

👀 Browsers are the new battleground. 70% of modern malware starts here, yet most organizations overlook it.

AI tools, phishing, shadow IT, and risky extensions hide in plain sight.

Legacy security is inadequate. Monitor where work happens—the browser.

👉 Explore new risks. Read: https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html

🛑 New Malware Targets Docker — but it’s not about crypto mining anymore.

Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals.

🔹 325+ downloads from Docker Hub

Read more ➝ https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html

🔥 Google pulls the plug on third-party cookie prompts in Chrome.

No more new pop-ups — just Incognito upgrades & IP protection by Q3 2025.

While Firefox & Safari banned 3rd-party cookies in 2020, Google stalls—caught between privacy & profit.

Read — https://thehackernews.com/2025/04/google-drops-cookie-prompt-in-chrome.html

🚨 Crypto Devs, Watch Out!

Ripple's xrpl.js library was backdoored to steal private keys! Over 2.9M downloads, 135K devs at risk.

🗓️ Malicious versions: 4.2.1–4.2.4, 2.14.2
🛡️ Safe versions: 4.2.5, 2.14.3
👤 Hacker hijacked a Ripple dev's npm account on April 21, 2025.

🔗 Learn more: https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html