🧪 Looks like a harmless Discord dev tool…
But behind the scenes? Full remote access.
📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.
And it’s not the only one.
👀 What else is hiding in your software stack?
Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html
But behind the scenes? Full remote access.
📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.
And it’s not the only one.
👀 What else is hiding in your software stack?
Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html
👍9🤯5👏1
🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.
🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
👍8🔥6
🚨 Your SSE stack sees the network—but not the browser.
🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.
That’s the last mile—and it’s unprotected.
A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.
👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html
🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.
That’s the last mile—and it’s unprotected.
A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.
👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html
👍9
🚨 No login. Full access. One POST request.
A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.
Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html
Admins, don’t wait—patch now.
A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.
Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html
Admins, don’t wait—patch now.
👍15😁6⚡2
Don’t let attackers turn your own tools against you. 🚨
Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.
Learn more: https://thn.news/gravityzone-phasr
Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.
Learn more: https://thn.news/gravityzone-phasr
👍12
🚨 100K+ WordPress sites at risk!
A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.
Two bugs. One exploit chain. Admin access in minutes.
Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html
A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.
Two bugs. One exploit chain. Admin access in minutes.
Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html
👍11🤯2
💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.
🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.
These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.
🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html
🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.
These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.
🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html
👍21😁10🔥6👏5🤔3
🚨 Update: The latest version of Samsung MagicINFO 9 Server is being actively exploited—despite a patch issued in Aug 2024.
🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.
🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html
🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.
🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html
👍9😱4
🛑 New Cisco flaw scores a perfect 10.0 CVSS.
A hardcoded token. Root access. No login needed.
If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.
👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html
A hardcoded token. Root access. No login needed.
If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.
👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html
🤯19😁5⚡4🔥4👍2
🛠️ Microsoft hit 1,360 new vulnerabilities in 2024 — a record high. But here’s the twist—critical flaws are at a decade low.
So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.
💥 The real threat isn’t always the loudest one.
Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html
So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.
💥 The real threat isn’t always the loudest one.
Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html
😁17🤔7👍2👏2
⚠️"I’m not a robot" just became dangerous.
A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.
Targets? The usual... and some surprising ones.
Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html
A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.
Targets? The usual... and some surprising ones.
Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html
😁13🔥9👍6🤯4🤔1
🚨 China-linked hackers hit Japan & Taiwan!
Govt agencies were targeted with ROAMINGMOUSE, a stealthy Excel-based malware dropper delivering an upgraded ANEL backdoor.
It starts with a real OneDrive link. Ends with deep system access.
But there’s more under the surface...
🔗 See how the attack works → https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html
Govt agencies were targeted with ROAMINGMOUSE, a stealthy Excel-based malware dropper delivering an upgraded ANEL backdoor.
It starts with a real OneDrive link. Ends with deep system access.
But there’s more under the surface...
🔗 See how the attack works → https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html
😁9👍3😱3
🔐 Learn from industry experts and gain hands-on experience with integrated cybersecurity strategies, policies, and safeguards.
Don’t miss this event → https://thn.news/gc-cyber-risk-fb
Don’t miss this event → https://thn.news/gc-cyber-risk-fb
🔥8👍5
🚨 AI is only as secure as the data it relies on.
As generative AI adoption grows, one question matters most:
Can you trust your data?
Sentra Security’s latest blog breaks down why visibility & control are key to safe, reliable AI.
Read more 👉 https://thn.news/ai-secure-data-x
As generative AI adoption grows, one question matters most:
Can you trust your data?
Sentra Security’s latest blog breaks down why visibility & control are key to safe, reliable AI.
Read more 👉 https://thn.news/ai-secure-data-x
🤔7
🚨 Qilin Ransomware Surges to #1
A stealthy tool called NETXLOADER is fueling Qilin’s explosive growth—45 victims in April alone, across sectors like healthcare, finance, and tech.
Find details here — https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html
A stealthy tool called NETXLOADER is fueling Qilin’s explosive growth—45 victims in April alone, across sectors like healthcare, finance, and tech.
Find details here — https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html
🤔10🔥4
⚠️ Another one? A SonicWall bug from 2021 just came back—and might’ve been exploited.
Now, 3 new flaws in SMA 100 appliances open the door to root-level access via VPN.
Don’t wait for PoC exploit | Update now → v10.2.1.15-81sv
🔗 Details here: https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html
Now, 3 new flaws in SMA 100 appliances open the door to root-level access via VPN.
Don’t wait for PoC exploit | Update now → v10.2.1.15-81sv
🔗 Details here: https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html
👍12
🔥 38,000+ fake sites. Millions stolen. AI-written lures.
A stealthy phishing network ("FreeDrain") is hijacking Google results to drain crypto wallets in minutes.
👀 Seed phrases, Discord traps, fake wallet UIs... all fair game.
See how it works → https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html
A stealthy phishing network ("FreeDrain") is hijacking Google results to drain crypto wallets in minutes.
👀 Seed phrases, Discord traps, fake wallet UIs... all fair game.
See how it works → https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html
👍19🔥5🤯5⚡3😱1
h⚡ A China-linked group is actively exploiting a critical CVE-2025-31324 flaw (CVSS 10.0) in SAP NetWeaver, targeting industries from energy to government.
They’re using advanced post-ex tools, fake Cloudflare certs, and hosting malware on Chinese cloud IPs.
Patch fast. Read → https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html
They’re using advanced post-ex tools, fake Cloudflare certs, and hosting malware on Chinese cloud IPs.
Patch fast. Read → https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html
👏14👍7🤯5
🔐 AI fights scams like never before!
Google just armed Chrome & Android with on-device Gemini Nano AI to block never-before-seen frauds—live, in real-time.
👀 20x more scam pages now detected
📉 80%+ drop in fake airline support
🚨 Android to warn of shady notifications
👉 Read how it works: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html
Google just armed Chrome & Android with on-device Gemini Nano AI to block never-before-seen frauds—live, in real-time.
👀 20x more scam pages now detected
📉 80%+ drop in fake airline support
🚨 Android to warn of shady notifications
👉 Read how it works: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html
🔥17👍8👏7
The CVE system is breaking—and attackers are betting on the chaos.
290K+ CVEs. 24K+ still waiting for review. 1 tiny gap = 1 big breach.
We need to stop “managing vulnerabilities” and start mitigating threats.
📘 Security Navigator 2025 has the blueprint: https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html
290K+ CVEs. 24K+ still waiting for review. 1 tiny gap = 1 big breach.
We need to stop “managing vulnerabilities” and start mitigating threats.
📘 Security Navigator 2025 has the blueprint: https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html
🔥14👍6