🚨 UPDATE: Outlaw Botnet Returns After 3-Month Silence 👀

Kaspersky confirms: Outlaw, a Perl-based crypto-mining botnet, is back—targeting Linux systems in Brazil with brute-force SSH attacks.

🧪 New tactics spotted:
Deploys XMRig miner & IRC-based backdoor
Kills rival miners & high-CPU processes
Masquerades as rsync, evades termination
Allows DDoS, remote control, file exfiltration

📊 Victims detected in 🇺🇸🇧🇷🇩🇪🇮🇹🇹🇭🇸🇬🇹🇼🇨🇦

👉 Full report + latest update (May 1): https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

👀 The tools are evolving. So is the intent.

A stealthy phishing wave is slamming key Russian industries with DarkWatchman malware. It evades detection and vanishes on command.

Meanwhile, a new backdoor called Sheriff breached a major Ukrainian platform to spy on defense targets—quiet, persistent, and dangerous.

🔗 Learn more: https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html

🚨 AI meets Influence-as-a-Service with chilling implications.

Anthropic's Claude chatbot was hijacked to run a botnet that:

• Created 100+ fake personas
• Engaged thousands of users
• Spread pro-UAE, anti-EU, and political propaganda in 🇮🇷, 🇪🇺, 🇰🇪

Worse, it aided criminals in writing malware, scraping security cam passwords, and running job scams.

🔗 Read: https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html

🚨 569,000 alerts. Only 202 matter.

OX Security’s 2025 report reveals: 95–98% of AppSec alerts are noise—wasting time, burning budgets, and stalling innovation.

🔍 Focus on what’s real—KEVs, secrets, exploitable flaws.

Learn How: https://thehackernews.com/2025/05/new-research-reveals-95-of-appsec-fixes.html

🛑 Nation-state hackers breached Commvault’s Azure-hosted environment by exploiting a zero-day in Commvault’s own web server — CVE-2025-3928.

👀 Check sign-ins
🚫 Block malicious IPs
📑 Report activity fast

Read now → https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html

🚨 Your tools say you're safe. Attackers know you're not.

They slip past EDR, hide in legit traffic, and lurk for weeks.

That’s why SOC teams are turning to Network Detection & Response (NDR)—the only way to see what endpoint tools miss.

The network doesn’t lie.

Learn more: https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html

🛑 Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted.

Some victims are unknowingly losing their own AdSense earnings.

💣 Features: Remote code execution, reverse proxy skimming, JS-based backdoors.

🔗 Read: https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html

🚨 AI isn’t just writing your code — it’s leaking your secrets.

New GitGuardian data shows AI-assisted repos leak secrets 40% more often than average.

📊 1,200+ repos leaked secrets in 2025 alone.

👉 Don’t trust. Verify. Full report: https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html

🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain.

➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth
➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu

CISA has added both to the KEV catalog — federal patch deadline: May 22, 2025.
Exploitation is already active in the wild.

📎 Details + PoC: https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

🔐 Microsoft goes passwordless by default for all new accounts.

No more passwords at sign-up—just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.

Existing users? You can remove your password now from settings.

Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

🔥 Automate the chaos. Stay ahead of CVEs.

LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:

→ Auto-pulls CISA alerts
→ Enriches with CrowdStrike
→ Sends Slack buttons
→ Creates ServiceNow tickets

No manual tracking. No delays. Just speed.

👀 See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html

🚨 TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.

🇪🇺 Ireland’s DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China’s surveillance risks.

They now have 6 months to stop transfers.

🔗 Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html

📉 Second major GDPR fine after a €345M penalty in 2023.

🚨 U.S. charges Yemeni national with deploying Black Kingdom ransomware on 1,500+ systems—from hospitals to schools—via Microsoft ProxyLogon.

💥 Targets paid in Bitcoin.

🔗 Read more: https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

🔥 Two years inside. Nation-state footprints. Critical infrastructure targeted.

Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.

Read this story ➡️ https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.

🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.

At the same time, npm & PyPI malware is:
| 🪙 Stealing crypto keys
| 📧 Using Gmail to exfiltrate data
| 🔁 Hiding via WebSockets

👀 Over 75,000+ downloads so far.

Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html

🚨 New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.

📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain

🔗 Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html

🚨 You’re not running a security team. You're the security team.

One inbox. One admin panel. A hundred fire drills. Google Workspace helps—but attackers slip through the cracks.

🔍 Identity is the new perimeter.
🔐 MFA, context-aware access, DLP—start there.
🛠️ Then, monitor, review, remediate.

You don’t need perfection. You need visibility and control.

See how it works → https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html

🚨 Zero-click, max impact — and it's already being exploited.

A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.

Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html

Deadline for U.S. agencies: May 23.

🚨 Zero-click. Wormable. Network-spreading.

New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks.

CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.

🔗 Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html

📲 Update all AirPlay-enabled devices now—personal & work.

🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html