🚨 14,000+ fake URLs.

A massive phishing campaign—Meta Mirage—is hijacking Meta Business Suite users with scarily real fake alerts.

◆︎ 78% of malicious links went unblocked by browsers.
◆︎ Hosted on trusted platforms like GitHub & Firebase.
◆︎ Looks legit. Hits hard. You won’t see it coming.

🔐 CTM360 just dropped the full intel: https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html

🚨 $8.4B in shadow deals—run from Telegram.

A Chinese-language black market called Xinbi Guarantee quietly moved billions in crypto since 2022.

What’s inside? Think: stolen data, fake IDs, laundering services—and more.

👀 The full story is darker than you think: https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html

🔥 Two ransomware gangs—BianLian and RansomExx—are now exploiting a critical SAP flaw (CVE-2025-31324).

They’re not alone. Nation-state hackers are in the mix too.

One exploit. Full system access.

🔗 Read the full breakdown: https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

🛑 Actively Exploited Samsung Flaw Hits Critical Alert!

PoC dropped. Exploits followed fast.

A 9.8 CVSS bug in Samsung’s MagicINFO 9 Server (CVE-2025-4632) is being used in the wild—even to deploy Mirai malware.

Read → https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html

🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild.

CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps.

It affects Chrome < 136.0.7103.113 — and likely other Chromium-based browsers.

🔗 Details: https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html

🚨 One email. One click. Full inbox compromise.

APT28 is back with Operation RoundPress, exploiting zero-days in MDaemon, Roundcube, Zimbra & Horde to steal emails from govs, defense orgs & academics across Ukraine, Bulgaria, Greece & more.

🔗 Read: https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html

🚨 2,000+ devs downloaded this npm package... and it was hiding malware

A seemingly harmless utility used Google Calendar as a stealth command link.

—Unicode tricks
—Multi-stage payloads
—Real downloads
—The kicker? It’s still live

Read here: https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html

🔥 Cybercriminals are now using Microsoft’s own Quick Assist tool to deploy ransomware like Black Basta. And with Ransomware-as-a-Service, anyone can launch an attack.

No BCDR? You’re gambling your business.

Learn 5 must-have recovery moves now → https://thehackernews.com/2025/05/top-5-bcdr-capabilities-for-ransomware-defense.html

👀 Your last pen test passed. So why was there still a breach?

Compliance checks a box. Attackers exploit what happens next. Verizon’s 2025 report shows a 34% spike in exploited vulnerabilities — most after audits.

🔁 It’s time to move beyond point-in-time testing.
Only continuous pen testing + EASM reveals what attackers find first.

👉 See what your strategy might be missing: https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html

🕷️ NEW WEBINAR: Learn about Scattered Spider’s evolving TTPs and how to defend your organization 🕷️

Join Push Security to learn about Scattered Spider’s current and future TTPs and how to stop breaches beginning with account takeover.

Register here 👉 https://thn.news/scattered-spider-2025

🚨 Coinbase insider breach exposed. Hackers bribed support agents to steal user data—then tried to extort $20M.

🧠 No crypto lost, but names, emails, and IDs were leaked.
🛡️ Coinbase is reimbursing victims + offering a $20M reward.

🔗 Full story → https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html

👀 Meta vs. Europe—Round 2

Starting May 27, Meta plans to train its AI using Facebook & Instagram user data across the E.U.—without asking for consent.

Privacy watchdog noyb says it’s illegal. A class action may be coming.

Full story: https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html

🚫 Your firewall isn't broken—it's just outdated.

AI-powered attacks are faster than ever. Still exposing your network with public IPs? You're playing defense with a blindfold.

Zscaler's Zero Trust model flips the script—no public IPs, no easy targets. It's not magic. It's strategy.

👀 The most secure network is the one they can't see.

🔎 Discover how it works → https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html

💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips.

🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and hosts—at rates up to 17KB/sec.

Read details → https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html

Patches are out. But is this just another Band-Aid?

🚨 A new Windows-based botnet—HTTPBot—is quietly choking login and payment systems across China’s gaming and tech sectors.

🔥 Over 200 targeted attacks since April 2025
🧠 Mimics real users with Chrome, cookies & HTTP/2

Learn more about this: https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html

🔒 What if your most sensitive data is already exposed—and no one knows yet?

AI-powered DLP, zero trust, browser isolation, and cloud posture control are reshaping data defense.

Learn 10 must-do strategies now → https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html

🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable.

Attackers can read/write sensitive data or trigger remote code execution.

Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1
🔗 Patch now. Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html

“We never drop tools on machines.”

84% of major cyberattacks now use built-in system tools like PowerShell & netsh.exe — not malware.

👀 Bitdefender analyzed 700,000 incidents: attackers are hiding in plain sight using legit admin utilities.

Living Off the Land isn’t just stealth—it’s standard.

→ See how PHASR flips the script: smart blocking, zero disruption.

🔗 Read: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

⚡ Weekly Recap: Zero-days are just the tip. This week’s threat activity points to a deeper shift in how attackers operate.

Read now, recalibrate faster → https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits-insider.html

🚨 New favorite toy of ransomware gangs? A stealthy malware called Skitnet—now seen in live attacks.

First sold on dark forums in 2024, it's now powering phishing campaigns from groups like Black Basta in 2025.

→ Reverse shell via DNS
→ Evades AV using GetProcAddress
→ Deploys legit tools like AnyDesk
→ Modular, stealthy, persistent

Learn how it works: https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html