🚨 Drone supply chains under attack!

Earth Ammit, a likely China-linked group, ran two stealthy ops—VENOM & TIDRONE—to breach drone and defense industries in Taiwan & South Korea.

They’re not hitting targets directly. They’re hijacking the software vendors you trust.

🔗 Read: https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html

🔥 Cyber attacks are up. Skills still lag.

Verizon’s 2025 DBIR reports an 18% jump in breaches, with vuln exploitation up 34% YoY. Yet most orgs rely too much on tools.

Want real defense? Train every team to think like an attacker.

From new analysts to execs—offensive training builds sharper instincts, faster response, and better strategy.

🔗 Learn how: https://thehackernews.com/2025/05/learning-how-to-hack-why-offensive.html

SANS Offensive Ops East → Jun 8–14 | San Antonio → Aug 4–9

⚡ Free AI Security Assessment from Vanta

Whether your company is using, building with, or developing AI, Vanta’s AI Security Assessment outlines the most critical and common considerations across any AI program—from governance to risk, to data privacy, incident management, and more.

Download it for free here: https://thn.news/ai-security-assessment-template

🚨 14,000+ fake URLs.

A massive phishing campaign—Meta Mirage—is hijacking Meta Business Suite users with scarily real fake alerts.

◆︎ 78% of malicious links went unblocked by browsers.
◆︎ Hosted on trusted platforms like GitHub & Firebase.
◆︎ Looks legit. Hits hard. You won’t see it coming.

🔐 CTM360 just dropped the full intel: https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html

🚨 $8.4B in shadow deals—run from Telegram.

A Chinese-language black market called Xinbi Guarantee quietly moved billions in crypto since 2022.

What’s inside? Think: stolen data, fake IDs, laundering services—and more.

👀 The full story is darker than you think: https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html

🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324).

They’re not alone. Nation-state hackers are in the mix too.

One exploit. Full system access.

🔗 Read the full breakdown: https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

🛑 Actively Exploited Samsung Flaw Hits Critical Alert!

PoC dropped. Exploits followed fast.

A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware.

Read → https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html

🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild.

CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps.

It affects Chrome < 136.0.7103.113 — and likely other Chromium-based browsers.

🔗 Details: https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html

🚨 One email. One click. Full inbox compromise.

APT28 is back with Operation RoundPress, exploiting zero-days in MDaemon, Roundcube, Zimbra & Horde to steal emails from govs, defense orgs & academics across Ukraine, Bulgaria, Greece & more.

🔗 Read: https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html

🚨 2,000+ devs downloaded this npm package... and it was hiding malware

A seemingly harmless utility used Google Calendar as a stealth command link.

—Unicode tricks
—Multi-stage payloads
—Real downloads
—The kicker? It’s still live

Read here: https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html

🔥 Cybercriminals are now using Microsoft’s own Quick Assist tool to deploy ransomware like Black Basta. And with Ransomware-as-a-Service, anyone can launch an attack.

No BCDR? You’re gambling your business.

Learn 5 must-have recovery moves now → https://thehackernews.com/2025/05/top-5-bcdr-capabilities-for-ransomware-defense.html

👀 Your last pen test passed. So why was there still a breach?

Compliance checks a box. Attackers exploit what happens next. Verizon’s 2025 report shows a 34% spike in exploited vulnerabilities — most after audits.

🔁 It’s time to move beyond point-in-time testing.
Only continuous pen testing + EASM reveals what attackers find first.

👉 See what your strategy might be missing: https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html

🕷️ NEW WEBINAR: Learn about Scattered Spider’s evolving TTPs and how to defend your organization 🕷️

Join Push Security to learn about Scattered Spider’s current and future TTPs and how to stop breaches beginning with account takeover.

Register here 👉 https://thn.news/scattered-spider-2025

🚨 Coinbase insider breach exposed. Hackers bribed support agents to steal user data—then tried to extort $20M.

🧠 No crypto lost, but names, emails, and IDs were leaked.
🛡️ Coinbase is reimbursing victims + offering a $20M reward.

🔗 Full story → https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html

👀 Meta vs. Europe—Round 2

Starting May 27, Meta plans to train its AI using Facebook & Instagram user data across the E.U.—without asking for consent.

Privacy watchdog noyb says it’s illegal. A class action may be coming.

Full story: https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html

🚫 Your firewall isn't broken—it's just outdated.

AI-powered attacks are faster than ever. Still exposing your network with public IPs? You're playing defense with a blindfold.

Zscaler's Zero Trust model flips the script—no public IPs, no easy targets. It's not magic. It's strategy.

👀 The most secure network is the one they can't see.

🔎 Discover how it works → https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html

💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips.

🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and hosts—at rates up to 17KB/sec.

Read details → https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html

Patches are out. But is this just another Band-Aid?

🚨 A new Windows-based botnet—HTTPBot—is quietly choking login and payment systems across China’s gaming and tech sectors.

🔥 Over 200 targeted attacks since April 2025
🧠 Mimics real users with Chrome, cookies & HTTP/2

Learn more about this: https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html

🔒 What if your most sensitive data is already exposed—and no one knows yet?

AI-powered DLP, zero trust, browser isolation, and cloud posture control are reshaping data defense.

Learn 10 must-do strategies now → https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html

🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable.

Attackers can read/write sensitive data or trigger remote code execution.

Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1
🔗 Patch now. Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html