🚨 Update: The latest version of Samsung MagicINFO 9 Server is being actively exploited—despite a patch issued in Aug 2024.

🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.

🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

🛑 New Cisco flaw scores a perfect 10.0 CVSS.

A hardcoded token. Root access. No login needed.

If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.

👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html

🛠️ Microsoft hit 1,360 new vulnerabilities in 2024 — a record high. But here’s the twist—critical flaws are at a decade low.

So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.

💥 The real threat isn’t always the loudest one.

Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html

⚠️"I’m not a robot" just became dangerous.

A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.

Targets? The usual... and some surprising ones.

Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html

🚨 China-linked hackers hit Japan & Taiwan!

Govt agencies were targeted with ROAMINGMOUSE, a stealthy Excel-based malware dropper delivering an upgraded ANEL backdoor.

It starts with a real OneDrive link. Ends with deep system access.

But there’s more under the surface...

🔗 See how the attack works → https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html

🔐 Learn from industry experts and gain hands-on experience with integrated cybersecurity strategies, policies, and safeguards.

Don’t miss this event → https://thn.news/gc-cyber-risk-fb

🚨 AI is only as secure as the data it relies on.

As generative AI adoption grows, one question matters most:

Can you trust your data?

Sentra Security’s latest blog breaks down why visibility & control are key to safe, reliable AI.

Read more 👉 https://thn.news/ai-secure-data-x

🚨 Qilin Ransomware Surges to #1

A stealthy tool called NETXLOADER is fueling Qilin’s explosive growth—45 victims in April alone, across sectors like healthcare, finance, and tech.

Find details here — https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html

⚠️ Another one? A SonicWall bug from 2021 just came back—and might’ve been exploited.

Now, 3 new flaws in SMA 100 appliances open the door to root-level access via VPN.

Don’t wait for PoC exploit | Update now → v10.2.1.15-81sv

🔗 Details here: https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html

🔥 38,000+ fake sites. Millions stolen. AI-written lures.

A stealthy phishing network ("FreeDrain") is hijacking Google results to drain crypto wallets in minutes.

👀 Seed phrases, Discord traps, fake wallet UIs... all fair game.

See how it works → https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html

h⚡ A China-linked group is actively exploiting a critical CVE-2025-31324 flaw (CVSS 10.0) in SAP NetWeaver, targeting industries from energy to government.

They’re using advanced post-ex tools, fake Cloudflare certs, and hosting malware on Chinese cloud IPs.

Patch fast. Read → https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

🔐 AI fights scams like never before!

Google just armed Chrome & Android with on-device Gemini Nano AI to block never-before-seen frauds—live, in real-time.

👀 20x more scam pages now detected
📉 80%+ drop in fake airline support
🚨 Android to warn of shady notifications

👉 Read how it works: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

The CVE system is breaking—and attackers are betting on the chaos.

290K+ CVEs. 24K+ still waiting for review. 1 tiny gap = 1 big breach.

We need to stop “managing vulnerabilities” and start mitigating threats.

📘 Security Navigator 2025 has the blueprint: https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html

🚨 AI devs, you're the target.

Malicious npm packages disguised as “cheap Cursor AI tools” are stealing credentials, rewriting code, and disabling updates — on macOS.

3,200+ installs — still live.

Find out how it works: https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

🔥 AI agents are powerful—but risky. Learn how to secure them before it’s too late.

Join our free webinar with an Auth0 expert.

🛡️ Save your seat → https://thehackernews.com/2025/05/deploying-ai-agents-learn-to-secure.html

🚨 Hackers are exploiting free software trials to hijack executive systems in Brazil.

Using fake invoices and Dropbox links, they’re slipping past defenses—and it’s working.

The twist? They’re not using malware. They’re using legit IT tools.

Learn more → https://thehackernews.com/2025/05/initial-access-brokers-target-brazil.html

🛑 Hacker Caught Mid-Interview—Live on Zoom!

North Korean attackers are posing as job applicants using fake resumes, AI tools, and stealth malware to breach companies. Some have slipped through.

OtterCookie v4 reveals just how deep the campaign goes—stealing credentials, crypto wallets, even iCloud Keychain data.

🔗 See the full story → https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html

🔥 BREAKING: $46M cybercrime empire busted.

FBI & Dutch forces take down a botnet run on hacked home routers—active since 2004.

Used by criminals to stay anonymous.

You might be part of it... and not even know.

🔗 Read what they uncovered: https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html

🚨 $1.9 BILLION Crypto Swap Site Seized!

Germany’s BKA has shut down eXch[.]cx, a crypto exchange used by North Korean hackers & darknet actors.

🔍 €34M in crypto seized
📁 8 TB of data confiscated
🌐 Ran on clearnet + dark web

Read full story ➝ https://thehackernews.com/2025/05/germany-shuts-down-exch-over-19b.html

👀 They tracked your face, your steps—even your searches in "Incognito."

Now, Google will pay Texas $1.375 BILLION to settle one of the largest privacy lawsuits in U.S. history.

And nearly equal to Meta’s record fine.

🔗 See the full story → https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html