🔐 Microsoft goes passwordless by default for all new accounts.

No more passwords at sign-up—just passkeys, using biometrics or device PINs. It's phishing-resistant, backed by FIDO standards.

Existing users? You can remove your password now from settings.

Learn more: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

🔥 Automate the chaos. Stay ahead of CVEs.

LivePerson slashed vuln ticketing time by 60% using a free Tines workflow that:

→ Auto-pulls CISA alerts
→ Enriches with CrowdStrike
→ Sends Slack buttons
→ Creates ServiceNow tickets

No manual tracking. No delays. Just speed.

👀 See how your team can do it too: https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html

🚨 TikTok Fined €530M for secretly storing EU user data in China, violating GDPR rules.

🇪🇺 Ireland’s DPC says TikTok misled regulators, failed to ensure EU-level privacy, and ignored China’s surveillance risks.

They now have 6 months to stop transfers.

🔗 Read more: https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html

📉 Second major GDPR fine after a €345M penalty in 2023.

🚨 U.S. charges Yemeni national with deploying Black Kingdom ransomware on 1,500+ systems—from hospitals to schools—via Microsoft ProxyLogon.

💥 Targets paid in Bitcoin.

🔗 Read more: https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html

🔥 Two years inside. Nation-state footprints. Critical infrastructure targeted.

Fortinet links Iranian APT Lemon Sandstorm to a stealthy attack on a Middle East CNI (May '23–Feb '25).
Used VPN exploits, chained proxies, 7 custom backdoors across 4 phases.

Read this story ➡️ https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

🚨 Malicious Go modules are nuking Linux systems—wiping entire disks beyond recovery using hidden payloads.

🧨 3 GitHub-hosted packages posed as dev tools. Once run on Linux, they downloaded a script to overwrite /dev/sda—killing the OS.

At the same time, npm & PyPI malware is:
| 🪙 Stealing crypto keys
| 📧 Using Gmail to exfiltrate data
| 🔁 Hiding via WebSockets

👀 Over 75,000+ downloads so far.

Read → https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html

🚨 New malware drop from Golden Chickens: TerraStealerV2 steals browser logins, crypto wallets, and extensions, while TerraLogger silently records keystrokes.

📦 Spread via EXE, MSI, LNK, OCX
📤 Sends data to Telegram + shady domain

🔗 Read this report: https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html

🚨 You’re not running a security team. You're the security team.

One inbox. One admin panel. A hundred fire drills. Google Workspace helps—but attackers slip through the cracks.

🔍 Identity is the new perimeter.
🔐 MFA, context-aware access, DLP—start there.
🛠️ Then, monitor, review, remediate.

You don’t need perfection. You need visibility and control.

See how it works → https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html

🚨 Zero-click, max impact — and it's already being exploited.

A critical Commvault bug (CVE-2025-34028, CVSS 10.0) lets hackers upload poisoned ZIPs, leading to full remote code execution—no login needed.

Read: https://thehackernews.com/2025/05/commvault-cve-2025-34028-added-to-cisa.html

Deadline for U.S. agencies: May 23.

🚨 Zero-click. Wormable. Network-spreading.

New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks.

CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Just being on the same Wi-Fi can be enough.

🔗 Learn more: https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html

📲 Update all AirPlay-enabled devices now—personal & work.

🔥 New Edition Just Dropped!

Cybersecurity Weekly Recap | May 5 —— From nation-state hacks to deepfake-ready malware, this week’s intel is packed:

• Iranian APT lurked 2 yrs in critical infra
• Claude chatbot abused for political ops
• TikTok hit with $601M fine over China data
• 30+ new CVEs to patch now
• Magento supply chain backdoor activated after 6 yrs

Read the full recap → https://thehackernews.com/2025/05/weekly-recap-nation-state-hacks-spyware.html

🛑 Critical Langflow Flaw Actively Exploited!

CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list.

• CVSS: 9.8
• Affects most Langflow versions
• Allows remote code execution without login
• PoC exploit published April 9
• 466 servers exposed worldwide

➡️ Full story: https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

🚨 Exploited in the wild. No user click needed.

Google patches 46 Android flaws, including CVE-2025-27363—a critical System bug tied to the FreeType font engine.

Discovered by Meta in March, it's now confirmed active.

🔗 Learn more: https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html

🔥 AI agents are the new insider threat—fast, autonomous, and already slipping past security.

Meanwhile, users just want to work—on personal devices, with unsanctioned apps, and now AI tools.

The Access-Trust Gap is real—and growing.

✅ It’s time to move from blocking to governing access, for humans and machines.

👉 Read more from Dave Lewis, Global Advisory CISO at 1Password: https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html

🚨 UPDATE - Darcula’s secret weapon exposed!

NRK & Mnemonic uncover Magic Cat — a phishing toolkit behind 884K+ stolen cards in 7 months.

🔹 13M+ clicked links
🔹 600+ scammers
🔹 Real-time data & PIN capture
🔹 19K+ victims in Norway alone

Dev behind it? A 24-year-old from China.
The company? Claims it’s just “a website builder.”

🔗 Full story: https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html

🚨 Plug-and-play ≠ safe.

Default Helm charts are silently exposing your Kubernetes clusters to attackers.

Microsoft warns: popular open-source tools like Apache Pinot, Meshery & Selenium Grid ship with no auth, open ports, and public IPs by default.

Details → https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html

Act now:
✔️ Audit Helm charts & YAMLs
✔️ Lock down network exposure
✔️ Monitor container behavior

🚨 600 million attacks hit Microsoft Entra ID—every single day.

It’s the heart of your access and identity. If it goes down, everything stops:

❌ No logins
❌ No compliance
❌ No recovery

Built-in tools won’t save you.

You need full backup and fast recovery. Because when identity breaks, so does your business.

Learn more: https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html

🔥 Not your typical breach…

Verizon’s 2025 DBIR shows:
➡️ Third-party breaches doubled (15% → 30%)
➡️ Attackers now target machine accounts more than ever

👀 Identity sprawl = rising risk.

Human or machine — if it’s not governed, it’s vulnerable.

🔗 Learn why unified identity security is no longer optional → https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html

🚨 Cybercrime meets Hollywood glitz — and it's all fake.

Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.

Victims? Lured in, validated, then drained.

Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.

Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html

🔥 Old IoT devices are now botnet soldiers.

Hackers are hijacking end-of-life GeoVision gear & Samsung MagicINFO servers to spread Mirai malware, launching DDoS attacks via unpatched flaws (CVSS 9.8, 8.8).

Exploits live. PoC dropped. Attacks rising.

If you’re running outdated firmware—you’re already a target.

Read this report: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html