👀 Busted.

A 45-year-old man has been arrested in Moldova for a €4.5M DoppelPaymer ransomware attack on Dutch institutions—including the Netherlands' top science agency (NWO) in 2021.

Read the full story ➝ https://thehackernews.com/2025/05/moldovan-police-arrest-suspect-in-45m.html

🛑 One breach at Tier 0… and it’s game over.

Active Directory runs in 90% of Fortune 1000. That’s why it’s the #1 target.

Microsoft's fix:
🔐 Tier 0 = Control Plane (AD, domain controllers, identity tools)
✅ Just-in-Time access
🚫 No standing admin privileges
🧱 Isolate it from lower tiers

One breach here = full network compromise.

🔗 Learn how to secure it right: https://thehackernews.com/expert-insights/2025/05/securing-tier-0-history-of-escalating.html

🚨 The person you're speaking to on Zoom might be AI.

Voice phishing surged 442% in 2024. Deepfakes now impersonate CEOs, job candidates—even your coworkers.

🔐 Detection isn’t enough. Trust must be proven—cryptographically.

👀 See how (demo) → https://thehackernews.com/2025/05/deepfake-defense-in-age-of-ai.html

🚨 North Korea’s Konni APT is targeting Ukraine.

Phishing, fake think tanks, malware-laced files—this isn’t your usual intel op.

The goal? Not battlefield data—but something far more strategic.

🔗 Full story → https://thehackernews.com/2025/05/north-korean-konni-apt-targets-ukraine.html

🚨 Crypto devs, beware!

A fake solana-token package on PyPI was caught stealing source code and secrets from developer machines — disguised as a legit blockchain tool.

— 761 installs before takedown
— Audit every dependency

Read: https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html

🚨 581 SAP servers BREACHED.

China-linked APTs are exploiting CVE-2025-31324 to backdoor critical infrastructure—gas, water, and gov sectors across the 🇺🇸 🇬🇧 🇸🇦

3 active hacking groups, persistent access.

🔗 Details here: https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html

🚨 Another Ivanti exploit ALERT!

Attackers are chaining two new flaws (CVE-2025-4427, 4428) for remote code execution on vulnerable EPMM versions.

— Risk: Auth bypass ➕ RCE
— Exploited: Yes (limited cases)

⚠️ Act fast—patch now / read more: https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html

🚨 Critical Fortinet 0-Day Exploited in Attacks!

Hackers are hitting FortiVoice systems in the wild—logging creds, wiping crash logs, scanning networks.

CVE-2025-32756 (CVSS 9.6) affects:
—FortiVoice, FortiMail, FortiNDR
—FortiRecorder, FortiCamera

Exploitable without login via crafted HTTP requests.

🔗 Details: https://thehackernews.com/2025/05/fortinet-patches-cve-2025-32756-zero.html

🛑 5 Microsoft zero-days exploited in the wild!

One flaw lets attackers hijack full system control—just by visiting a webpage.

◆ 78 flaws fixed — 11 critical
◆ CVE-2025-30397 to 32709 now in CISA’s KEV list
◆ 10.0 CVSS bug in Azure DevOps Server

🔗 Details here: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html

🛡️ Don’t wait. Patch now.

🚨 URGENT UPDATE: Another SAP flaw under active exploitation!

CVE-2025-42999 (CVSS 9.1) is now confirmed actively exploited — allows attackers to execute commands via insecure deserialization in NetWeaver.

🛠 Patch now: SAP Note 3604119

Read: https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html

👀 UPDATE: Android just got its own Lockdown Mode.

• Tamper-proof Intrusion Logging
• Scam alerts during banking calls
• Lock screen OTP protection
• Upgraded app threat detection

🔒 Rolling out on Android 11+ | Full launch this summer.

📲 What’s new & how it protects you: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html

🚨 Invoice Email? Think Twice.

A stealthy phishing campaign is hitting Windows users in Latin America—disguised as financial docs, but dropping Horabot malware instead.

👀 Hijacks inboxes
📩 Spreads via Outlook
💰 Targets banking data

🔗 Full details here → https://thehackernews.com/2025/05/horabot-malware-targets-6-latin.html

🚨 Drone supply chains under attack!

Earth Ammit, a likely China-linked group, ran two stealthy ops—VENOM & TIDRONE—to breach drone and defense industries in Taiwan & South Korea.

They’re not hitting targets directly. They’re hijacking the software vendors you trust.

🔗 Read: https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html

🔥 Cyber attacks are up. Skills still lag.

Verizon’s 2025 DBIR reports an 18% jump in breaches, with vuln exploitation up 34% YoY. Yet most orgs rely too much on tools.

Want real defense? Train every team to think like an attacker.

From new analysts to execs—offensive training builds sharper instincts, faster response, and better strategy.

🔗 Learn how: https://thehackernews.com/2025/05/learning-how-to-hack-why-offensive.html

SANS Offensive Ops East → Jun 8–14 | San Antonio → Aug 4–9

⚡ Free AI Security Assessment from Vanta

Whether your company is using, building with, or developing AI, Vanta’s AI Security Assessment outlines the most critical and common considerations across any AI program—from governance to risk, to data privacy, incident management, and more.

Download it for free here: https://thn.news/ai-security-assessment-template

🚨 14,000+ fake URLs.

A massive phishing campaign—Meta Mirage—is hijacking Meta Business Suite users with scarily real fake alerts.

◆︎ 78% of malicious links went unblocked by browsers.
◆︎ Hosted on trusted platforms like GitHub & Firebase.
◆︎ Looks legit. Hits hard. You won’t see it coming.

🔐 CTM360 just dropped the full intel: https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html

🚨 $8.4B in shadow deals—run from Telegram.

A Chinese-language black market called Xinbi Guarantee quietly moved billions in crypto since 2022.

What’s inside? Think: stolen data, fake IDs, laundering services—and more.

👀 The full story is darker than you think: https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html

🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324).

They’re not alone. Nation-state hackers are in the mix too.

One exploit. Full system access.

🔗 Read the full breakdown: https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

🛑 Actively Exploited Samsung Flaw Hits Critical Alert!

PoC dropped. Exploits followed fast.

A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware.

Read → https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html

🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild.

CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps.

It affects Chrome < 136.0.7103.113 — and likely other Chromium-based browsers.

🔗 Details: https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html