🚨 One email. One click. Full inbox compromise.

APT28 is back with Operation RoundPress, exploiting zero-days in MDaemon, Roundcube, Zimbra & Horde to steal emails from govs, defense orgs & academics across Ukraine, Bulgaria, Greece & more.

🔗 Read: https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html

🚨 2,000+ devs downloaded this npm package... and it was hiding malware

A seemingly harmless utility used Google Calendar as a stealth command link.

—Unicode tricks
—Multi-stage payloads
—Real downloads
—The kicker? It’s still live

Read here: https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html

🔥 Cybercriminals are now using Microsoft’s own Quick Assist tool to deploy ransomware like Black Basta. And with Ransomware-as-a-Service, anyone can launch an attack.

No BCDR? You’re gambling your business.

Learn 5 must-have recovery moves now → https://thehackernews.com/2025/05/top-5-bcdr-capabilities-for-ransomware-defense.html

👀 Your last pen test passed. So why was there still a breach?

Compliance checks a box. Attackers exploit what happens next. Verizon’s 2025 report shows a 34% spike in exploited vulnerabilities — most after audits.

🔁 It’s time to move beyond point-in-time testing.
Only continuous pen testing + EASM reveals what attackers find first.

👉 See what your strategy might be missing: https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html

🕷️ NEW WEBINAR: Learn about Scattered Spider’s evolving TTPs and how to defend your organization 🕷️

Join Push Security to learn about Scattered Spider’s current and future TTPs and how to stop breaches beginning with account takeover.

Register here 👉 https://thn.news/scattered-spider-2025

🚨 Coinbase insider breach exposed. Hackers bribed support agents to steal user data—then tried to extort $20M.

🧠 No crypto lost, but names, emails, and IDs were leaked.
🛡️ Coinbase is reimbursing victims + offering a $20M reward.

🔗 Full story → https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html

👀 Meta vs. Europe—Round 2

Starting May 27, Meta plans to train its AI using Facebook & Instagram user data across the E.U.—without asking for consent.

Privacy watchdog noyb says it’s illegal. A class action may be coming.

Full story: https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html

🚫 Your firewall isn't broken—it's just outdated.

AI-powered attacks are faster than ever. Still exposing your network with public IPs? You're playing defense with a blindfold.

Zscaler's Zero Trust model flips the script—no public IPs, no easy targets. It's not magic. It's strategy.

👀 The most secure network is the one they can't see.

🔎 Discover how it works → https://thehackernews.com/expert-insights/2025/05/eliminating-public-ips-case-for-zero.html

💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips.

🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and hosts—at rates up to 17KB/sec.

Read details → https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html

Patches are out. But is this just another Band-Aid?

🚨 A new Windows-based botnet—HTTPBot—is quietly choking login and payment systems across China’s gaming and tech sectors.

🔥 Over 200 targeted attacks since April 2025
🧠 Mimics real users with Chrome, cookies & HTTP/2

Learn more about this: https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html

🔒 What if your most sensitive data is already exposed—and no one knows yet?

AI-powered DLP, zero trust, browser isolation, and cloud posture control are reshaping data defense.

Learn 10 must-do strategies now → https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html

🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable.

Attackers can read/write sensitive data or trigger remote code execution.

Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1
🔗 Patch now. Full story: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html

“We never drop tools on machines.”

84% of major cyberattacks now use built-in system tools like PowerShell & netsh.exe — not malware.

👀 Bitdefender analyzed 700,000 incidents: attackers are hiding in plain sight using legit admin utilities.

Living Off the Land isn’t just stealth—it’s standard.

→ See how PHASR flips the script: smart blocking, zero disruption.

🔗 Read: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

⚡ Weekly Recap: Zero-days are just the tip. This week’s threat activity points to a deeper shift in how attackers operate.

Read now, recalibrate faster → https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits-insider.html

🚨 New favorite toy of ransomware gangs? A stealthy malware called Skitnet—now seen in live attacks.

First sold on dark forums in 2024, it's now powering phishing campaigns from groups like Black Basta in 2025.

→ Reverse shell via DNS
→ Evades AV using GetProcAddress
→ Deploys legit tools like AnyDesk
→ Modular, stealthy, persistent

Learn how it works: https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html

🔥 CTEM is the new must-have for cybersecurity leaders.

Forget yearly audits. This is about always-on risk testing — and it’s working.

CTEM uses attack simulations, real-time testing & exposure tracking to stay ahead.

Why are top CISOs making the switch?

👉 Learn how it works: https://thehackernews.com/2025/05/why-ctem-is-winning-bet-for-cisos-in.html

🛑 WARNING: Popular VMware tool RVTools was hacked to spread Bumblebee malware via its official site.

The site is now offline — but ⚠️ do not download from unofficial sources either.

Meanwhile, Procolored printer software was found carrying a Delphi backdoor and a $974K crypto clipper named SnipVex, which infects .exe files to hijack Bitcoin transactions.

🔎 Full details here: https://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html

👀 Devs, you're being hunted.

3 Python packages quietly turned stolen emails into verified TikTok & Instagram targets. Another posed as a dev tool—actually a stealth backdoor.

🔗 Full story → https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html

🚨 RedisRaider is here—and it's hunting Linux servers.

A new cryptojacking campaign is weaponizing Redis config commands to silently hijack Linux systems and mine Monero.

🔗 Learn more: https://thehackernews.com/2025/05/go-based-malware-deploys-xmrig-miner-on.html

🚨 New Chinese APT uncovered!

ESET reveals MarsSnake, a stealth backdoor used in a multi-year campaign targeting a Saudi org via fake flight emails.

The threat actor? UnsolicitedBooker—and it’s not working alone.

👀 More tactics, ties, and twists → https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html