⚡ From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs deepest.

THN’s Weekly Recap breaks down the stealth, the strategy, and the systems under fire.

🔗 Read: https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html

⚠️ Hold your phone near your card... and they drain your bank account.

A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.

👉 Learn how it works: https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

Google’s now working on a new Android update to block risky app installs. But until then—stay sharp. Think before tapping.

🚨 Your MDM isn’t enough. Most breaches start with a device you can’t see.

Unmanaged laptops, outdated personal phones, misconfigured tools—attackers love them.
MDM/EDR miss the mark.

Device Trust closes the gap.

👀 See how: https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html

🕵️‍♂️ Kimsuky is back—and digging deep.

A new Larva-24005 campaign is exploiting old RDP bugs (BlueKeep, CVE-2019-0708) to breach systems in South Korea, Japan & beyond—with targets across energy, finance & tech.

Learn more: https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html

💣 Lotus Panda, a China-linked APT, breached key sectors across Southeast Asia—govt, telecom, air traffic—from Aug 2024 to Feb 2025.

New tools. Stolen Chrome data. Hijacked legit software.

Read full report 👉 https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html

⚠️ AI is Supercharging DDoS Attacks.

Hackers now use AI to launch smarter, harder-to-stop DDoS attacks. Most defenses fail because they’re poorly set up — not because they’re weak.

🔗 Free DDoS Threat Check → https://thehackernews.com/expert-insights/2025/04/how-ai-and-iot-are-supercharging-ddos.html

🔥 Microsoft boosts security after major China-backed breach.

—MSA sign-ins moved to Azure confidential VMs

—92% of staff now use phishing-resistant MFA

—81% of code branches protected with proof-of-presence

—New Quick Machine Recovery auto-fixes Windows boot failures

See details: https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html

🚨 Signed by Google. Hosted by Google. Hijacked by Hackers.

👀 Hackers sent real emails from [email protected] — fully verified, signed, no warnings. Victims handed over passwords, believing it was legit.

✔️ Real Google email
✔️ Fake login on Google Sites
✔️ Passed DKIM, SPF, DMARC

🔗 Full story: https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html

Each user is unique. Their security should be too.

Join Bitdefender on April 23 for the LIVE launch of GravityZone PHASR — a breakthrough in reducing employee attack surfaces by up to 95%.

🔒 Adaptive, user-focused protection
🎥 Live demo + expert insights

📅 Secure your spot here: https://thn.news/gravityzone-bitdefender-x

🛑 Privilege Escalation in Google Cloud!

A serious bug in Cloud Composer (GCP) let attackers with edit access take control of key services like Cloud Storage and Artifact Registry by uploading malicious code.

🔗 Read this story here: https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html

👀 Browsers are the new battleground. 70% of modern malware starts here, yet most organizations overlook it.

AI tools, phishing, shadow IT, and risky extensions hide in plain sight.

Legacy security is inadequate. Monitor where work happens—the browser.

👉 Explore new risks. Read: https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html

🛑 New Malware Targets Docker — but it’s not about crypto mining anymore.

Hackers are hijacking Docker to run fake nodes on a Web3 network called Teneo. Instead of mining, they farm TENEO tokens by sending fake heartbeat signals.

🔹 325+ downloads from Docker Hub

Read more ➝ https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html

🔥 Google pulls the plug on third-party cookie prompts in Chrome.

No more new pop-ups — just Incognito upgrades & IP protection by Q3 2025.

While Firefox & Safari banned 3rd-party cookies in 2020, Google stalls—caught between privacy & profit.

Read — https://thehackernews.com/2025/04/google-drops-cookie-prompt-in-chrome.html

🚨 Crypto Devs, Watch Out!

Ripple's xrpl.js library was backdoored to steal private keys! Over 2.9M downloads, 135K devs at risk.

🗓️ Malicious versions: 4.2.1–4.2.4, 2.14.2
🛡️ Safe versions: 4.2.5, 2.14.3
👤 Hacker hijacked a Ripple dev's npm account on April 21, 2025.

🔗 Learn more: https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html

🚨 New Tactics from Russian Hackers!

Since March 2025, Russian threat groups UTA0352 & UTA0355 are targeting Ukraine-linked orgs via Microsoft 365 OAuth abuse.

No fake sites—just official Microsoft URLs, real Signal/WhatsApp invites, and compromised Ukrainian Gov accounts.

🔗 Learn more: https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html

👀 Phishing isn't just an email problem anymore!

2025's #1 breach method? Identity attacks — phishing + stolen creds now top software exploits. MFA? Often bypassed. Detection? Too slow.

Real-time browser-based defense is the future. Stop attacks before passwords are stolen.

Learn more: https://thehackernews.com/2025/04/three-reasons-why-browser-is-best-for.html

⚠️ Target: Russian Military!

Android.Spy.1292.origin spyware steals data via fake Alpine Quest apps.

— Spread via fake Telegram & Rus. app stores
— Steals loc., contacts, files
— Sends data to Telegram bot, runs hidden malware

Doctor Web says it mimics Alpine Quest Pro, widely used in military zones.

Read: https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html

👀 Kaspersky found a Windows backdoor in fake ViPNet updates targeting Russian government, finance, and industry.

💼 Dream Job? Or Cyber Trap?

Iranian hackers UNC2428 lured Israelis with fake jobs at defense giant Rafael. Victims downloaded “RafaelConnect.exe” — a trap that secretly installed the MURKYTOUR backdoor, giving attackers full access.

Read now → https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html

DPRK hackers are inside Web3—stealing crypto to fund WMDs.

In 2023, $137M stolen in 1 day via phishing. In 2024, they used deepfakes to win real jobs & extort firms. 12 fake identities at one US firm alone.

Learn more: https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html

🔒 WhatsApp rolls out Advanced Chat Privacy!

🔸 Blocks chat exports, auto-downloads, & AI use in sensitive convos.
🔸 Still allows screenshots & manual media saves.
🔸 Available now for all users on the latest update.

Update to try it 👉 https://thehackernews.com/2025/04/whatsapp-adds-advanced-chat-privacy-to.html