🚨 Cybercrime meets Hollywood glitz — and it's all fake.

Two threat groups, Reckless Rabbit & Ruthless Rabbit, are scamming thousands using AI deepfakes, celebrity endorsements, and fake investment sites via Facebook ads.

Victims? Lured in, validated, then drained.

Meanwhile, Facebook ad slots are being flooded with “mystery box” clearance scams for $2 Apple products — but the only surprise is recurring charges and stolen data.

Read. Verify. Warn others. | Full story ➝ https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html

🔥 Old IoT devices are now botnet soldiers.

Hackers are hijacking end-of-life GeoVision gear & Samsung MagicINFO servers to spread Mirai malware, launching DDoS attacks via unpatched flaws (CVSS 9.8, 8.8).

Exploits live. PoC dropped. Attacks rising.

If you’re running outdated firmware—you’re already a target.

Read this report: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

⚖️ A U.S. jury just hit NSO Group with $168M in damages for using Pegasus spyware to hack WhatsApp users in 51 countries—including 456 in Mexico, 100 in India, and dozens more in Bahrain, Morocco & Pakistan.

Meta proved NSO used a zero-day in WhatsApp calls (CVE-2019-3568) to silently hack phones—no tap needed.

🔗 Details: https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html

🧪 Looks like a harmless Discord dev tool…

But behind the scenes? Full remote access.

📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.

And it’s not the only one.

👀 What else is hiding in your software stack?

Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html

🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.

🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

🚨 Your SSE stack sees the network—but not the browser.

🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.

That’s the last mile—and it’s unprotected.

A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.

👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html

🚨 No login. Full access. One POST request.

A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.

Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

Admins, don’t wait—patch now.

Don’t let attackers turn your own tools against you. 🚨

Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.

Learn more: https://thn.news/gravityzone-phasr

🚨 100K+ WordPress sites at risk!

A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.

Two bugs. One exploit chain. Admin access in minutes.

Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html

💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.

🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.

These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.

🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html

🚨 Update: The latest version of Samsung MagicINFO 9 Server is being actively exploited—despite a patch issued in Aug 2024.

🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.

🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

🛑 New Cisco flaw scores a perfect 10.0 CVSS.

A hardcoded token. Root access. No login needed.

If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.

👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html

🛠️ Microsoft hit 1,360 new vulnerabilities in 2024 — a record high. But here’s the twist—critical flaws are at a decade low.

So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.

💥 The real threat isn’t always the loudest one.

Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html

⚠️"I’m not a robot" just became dangerous.

A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.

Targets? The usual... and some surprising ones.

Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html

🚨 China-linked hackers hit Japan & Taiwan!

Govt agencies were targeted with ROAMINGMOUSE, a stealthy Excel-based malware dropper delivering an upgraded ANEL backdoor.

It starts with a real OneDrive link. Ends with deep system access.

But there’s more under the surface...

🔗 See how the attack works → https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html

🔐 Learn from industry experts and gain hands-on experience with integrated cybersecurity strategies, policies, and safeguards.

Don’t miss this event → https://thn.news/gc-cyber-risk-fb

🚨 AI is only as secure as the data it relies on.

As generative AI adoption grows, one question matters most:

Can you trust your data?

Sentra Security’s latest blog breaks down why visibility & control are key to safe, reliable AI.

Read more 👉 https://thn.news/ai-secure-data-x

🚨 Qilin Ransomware Surges to #1

A stealthy tool called NETXLOADER is fueling Qilin’s explosive growth—45 victims in April alone, across sectors like healthcare, finance, and tech.

Find details here — https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html

⚠️ Another one? A SonicWall bug from 2021 just came back—and might’ve been exploited.

Now, 3 new flaws in SMA 100 appliances open the door to root-level access via VPN.

Don’t wait for PoC exploit | Update now → v10.2.1.15-81sv

🔗 Details here: https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html

🔥 38,000+ fake sites. Millions stolen. AI-written lures.

A stealthy phishing network ("FreeDrain") is hijacking Google results to drain crypto wallets in minutes.

👀 Seed phrases, Discord traps, fake wallet UIs... all fair game.

See how it works → https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html