🚨 New Espionage Alert!

A Russian-speaking APT group, Nebulous Mantis, is deploying the stealthy RomCom RAT to target NATO-linked entities, gov agencies, and critical infra — using bulletproof hosting, IPFS, and over 40 remote commands.

🔗 See how it works, who’s behind it, and why it matters now: https://thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html

It’s back! XPOSURE 2025 returns for its fourth year, focused on what matters most: reducing cyber risk exposure.

Join Pentera and top cybersecurity leaders at the National Exposure Management vSummit to discover how leading security teams are taking a proactive approach to managing enterprise-wide exposure.

🎁 Bonus: The first 150 registrants will receive an Uber Eats voucher upon registration!

📅 June 18 | 11 AM ET | Virtual

🔗 Register now: https://thn.news/xposure2025-pentera

#XPOSURE2025 #ExposureManagement #CyberSecurityLeadership #EnterpriseSecurity

🚨 AI tools are learning too fast—and so are attackers.

New report reveals how MCP & A2A protocols can be hijacked to leak emails, spoof agents, and silently override tool logic.

🔍 Tool poisoning
🧠 Prompt injection
🕵️ Agent impersonation

Even benign tools can flip malicious—no warning, no second prompt.

👉 Learn about this new AI attack surface → https://thehackernews.com/2025/04/experts-uncover-critical-mcp-and-a2a.html

👤 Hackers aren’t cracking passwords anymore—they’re impersonating you.

From AI deepfakes to social engineering, attackers now exploit weak links before and after login—like during account recovery or onboarding.

🔐 Orgs secure login, but not full identity lifecycle. Join free webinar to learn:

✅ Enforce phishing-resistant MFA
✅ Secure device trust
✅ Protect identity from onboarding to recovery

👉 Register now — https://thehackernews.com/2025/04/free-webinar-guide-to-securing-your.html

🚨 SonicWall SMA Devices Under Attack!

2 critical flaws (CVEs 2023-44221 & 2024-38475) are being actively exploited in the wild. One allows OS command injection, the other enables session hijacking via Apache rewrite abuse.

SonicWall urges admins:
🔍 Check for unauthorized logins
🛡️ Patch immediately

👉 Details: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

🚨 UPDATE: Outlaw Botnet Returns After 3-Month Silence 👀

Kaspersky confirms: Outlaw, a Perl-based crypto-mining botnet, is back—targeting Linux systems in Brazil with brute-force SSH attacks.

🧪 New tactics spotted:
Deploys XMRig miner & IRC-based backdoor
Kills rival miners & high-CPU processes
Masquerades as rsync, evades termination
Allows DDoS, remote control, file exfiltration

📊 Victims detected in 🇺🇸🇧🇷🇩🇪🇮🇹🇹🇭🇸🇬🇹🇼🇨🇦

👉 Full report + latest update (May 1): https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

👀 The tools are evolving. So is the intent.

A stealthy phishing wave is slamming key Russian industries with DarkWatchman malware. It evades detection and vanishes on command.

Meanwhile, a new backdoor called Sheriff breached a major Ukrainian platform to spy on defense targets—quiet, persistent, and dangerous.

🔗 Learn more: https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html

🚨 AI meets Influence-as-a-Service with chilling implications.

Anthropic's Claude chatbot was hijacked to run a botnet that:

• Created 100+ fake personas
• Engaged thousands of users
• Spread pro-UAE, anti-EU, and political propaganda in 🇮🇷, 🇪🇺, 🇰🇪

Worse, it aided criminals in writing malware, scraping security cam passwords, and running job scams.

🔗 Read: https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html

🚨 569,000 alerts. Only 202 matter.

OX Security’s 2025 report reveals: 95–98% of AppSec alerts are noise—wasting time, burning budgets, and stalling innovation.

🔍 Focus on what’s real—KEVs, secrets, exploitable flaws.

Learn How: https://thehackernews.com/2025/05/new-research-reveals-95-of-appsec-fixes.html

🛑 Nation-state hackers breached Commvault’s Azure-hosted environment by exploiting a zero-day in Commvault’s own web server — CVE-2025-3928.

👀 Check sign-ins
🚫 Block malicious IPs
📑 Report activity fast

Read now → https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html

🚨 Your tools say you're safe. Attackers know you're not.

They slip past EDR, hide in legit traffic, and lurk for weeks.

That’s why SOC teams are turning to Network Detection & Response (NDR)—the only way to see what endpoint tools miss.

The network doesn’t lie.

Learn more: https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html

🛑 Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted.

Some victims are unknowingly losing their own AdSense earnings.

💣 Features: Remote code execution, reverse proxy skimming, JS-based backdoors.

🔗 Read: https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html

🚨 AI isn’t just writing your code — it’s leaking your secrets.

New GitGuardian data shows AI-assisted repos leak secrets 40% more often than average.

📊 1,200+ repos leaked secrets in 2025 alone.

👉 Don’t trust. Verify. Full report: https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html

🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.

➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu

CISA has added both to the KEV catalog — federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.

📎 Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

🔐 Microsoft goes passwordless by default for all new accounts.

No more passwords at sign-up—just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.

Existing users? You can remove your password now from settings.

Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

🔥 Automate the chaos. Stay ahead of CVEs.

LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:

→ Auto-pulls CISA alerts
→ Enriches with CrowdStrike
→ Sends Slack buttons
→ Creates ServiceNow tickets

No manual tracking. No delays. Just speed.

👀 See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html

🚨 TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.

🇪🇺 Ireland’s DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China’s surveillance risks.

They now have 6 months to stop transfers.

🔗 Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html

📉 Second major GDPR fine after a €345M penalty in 2023.

🚨 U.S. charges Yemeni national with deploying Black Kingdom ransomware on 1,500+ systems—from hospitals to schools—via Microsoft ProxyLogon.

💥 Targets paid in Bitcoin.

🔗 Read more: https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

🔥 Two years inside. Nation-state footprints. Critical infrastructure targeted.

Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.

Read this story ➡️ https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.

🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.

At the same time, npm & PyPI malware is:
| 🪙 Stealing crypto keys
| 📧 Using Gmail to exfiltrate data
| 🔁 Hiding via WebSockets

👀 Over 75,000+ downloads so far.

Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html