“We never drop tools on machines.”

84% of major cyberattacks now use built-in system tools like PowerShell & netsh.exe — not malware.

👀 Bitdefender analyzed 700,000 incidents: attackers are hiding in plain sight using legit admin utilities.

Living Off the Land isn’t just stealth—it’s standard.

→ See how PHASR flips the script: smart blocking, zero disruption.

🔗 Read: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

⚡ Weekly Recap: Zero-days are just the tip. This week’s threat activity points to a deeper shift in how attackers operate.

Read now, recalibrate faster → https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits-insider.html

🚨 New favorite toy of ransomware gangs? A stealthy malware called Skitnet—now seen in live attacks.

First sold on dark forums in 2024, it's now powering phishing campaigns from groups like Black Basta in 2025.

→ Reverse shell via DNS
→ Evades AV using GetProcAddress
→ Deploys legit tools like AnyDesk
→ Modular, stealthy, persistent

Learn how it works: https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html

🔥 CTEM is the new must-have for cybersecurity leaders.

Forget yearly audits. This is about always-on risk testing — and it’s working.

CTEM uses attack simulations, real-time testing & exposure tracking to stay ahead.

Why are top CISOs making the switch?

👉 Learn how it works: https://thehackernews.com/2025/05/why-ctem-is-winning-bet-for-cisos-in.html

🛑 WARNING: Popular VMware tool RVTools was hacked to spread Bumblebee malware via its official site.

The site is now offline — but ⚠️ do not download from unofficial sources either.

Meanwhile, Procolored printer software was found carrying a Delphi backdoor and a $974K crypto clipper named SnipVex, which infects .exe files to hijack Bitcoin transactions.

🔎 Full details here: https://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html

👀 Devs, you're being hunted.

3 Python packages quietly turned stolen emails into verified TikTok & Instagram targets. Another posed as a dev tool—actually a stealth backdoor.

🔗 Full story → https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html

🚨 RedisRaider is here—and it's hunting Linux servers.

A new cryptojacking campaign is weaponizing Redis config commands to silently hijack Linux systems and mine Monero.

🔗 Learn more: https://thehackernews.com/2025/05/go-based-malware-deploys-xmrig-miner-on.html

🚨 New Chinese APT uncovered!

ESET reveals MarsSnake, a stealth backdoor used in a multi-year campaign targeting a Saudi org via fake flight emails.

The threat actor? UnsolicitedBooker—and it’s not working alone.

👀 More tactics, ties, and twists → https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html

💀 Most breaches begin with identity.

Issue isn’t firewall—it's login. You invest in EDR, NDR, ITDR, but attackers use valid credentials.

🔥 ITP stops attacks pre-access.

👉 Learn more: https://thehackernews.com/expert-insights/2025/05/breach-fatalism-is-over-why-identity.html

💥 75 security tools, 2,000+ alerts/week — Still breached.

This new "2025 State of Pentesting" report reveals what’s really working (and what’s not) in modern security testing.

🔗 Get the key insights: https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html

🚨 One default IAM role can expose your entire AWS account.

Experts found overly permissive roles in AWS services like SageMaker & Glue—granting attackers wide access, including full S3 control.

It’s not just misconfig—it's a silent backdoor.

Details: https://thehackernews.com/2025/05/aws-default-iam-roles-found-to-enable.html

⚠️ Old flaws—new threat!

A new SideWinder campaign hit gov’t agencies in 🇱🇰 Sri Lanka, 🇧🇩 Bangladesh & 🇵🇰 Pakistan using geofenced malware and old MS Office flaws.

🔗 Details just dropped: https://thehackernews.com/2025/05/south-asian-ministries-hit-by.html

🚨 Over 100 malicious Chrome extensions slipped through Google’s radar since Feb 2024.

They looked legit—VPNs, AI tools, banking apps—but secretly stole data, hijacked sessions, and redirected traffic.

👀 Even bad reviews were filtered.

🔗 Read: https://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html

⚠️ Trusted domains. Abandoned cloud assets. Hijacked by a ghost.

A threat actor called Hazy Hawk is hijacking unused domains from big names like CDC & PwC—turning trusted URLs into malware traps via DNS misconfig.

See how it works ➝ https://thehackernews.com/2025/05/hazy-hawk-exploits-dns-records-to.html

🔥 Google Chrome just got SMARTER!!!

It now auto-changes compromised passwords—in one click.

🔐 Detects hacked passwords
🤖 Auto-generates a strong password
⚡ Instantly updates them

See it in action: https://thehackernews.com/2025/05/google-chrome-can-now-auto-change.html

“SaaS is quietly breaking everything we knew about security.” — JPMorgan’s CISO just sounded the alarm.

From invisible AI agents to risky OAuth tokens, the stakes are rising fast.

👉 4th-party risk is exploding
👉 Non-human identities outnumber users
👉 Admin backdoors + invisible AI agents

👀 What now? Read the analysis → https://thehackernews.com/expert-insights/2025/05/jpmorgan-ciso-spotlights-saas-security.html

🚨 Mobile users, beware.

PWAs Weaponized in Adult-Content Scam.

Hackers are using full Progressive Web Apps (PWAs) to launch a redirection attack—targeting only Android & iOS users while bypassing desktops entirely.

Learn more ➤ https://thehackernews.com/2025/05/researchers-expose-pwa-javascript.html

🚨 One email = FULL BREACH.

Phishing kits like Tycoon2FA bypass filters, trick users & steal creds in seconds.

⚡ See every click, every redirect, every fake login—live—inside this sandbox. Verdicts in <40 seconds. IOC-rich reports.

🔗 Learn how → https://thehackernews.com/2025/05/how-to-detect-phishing-attacks-faster.html

👀 WATCH OUT — If it’s trending, it’s bait.

Cybercriminals are hijacking Facebook ads to impersonate Kling AI—tricking users into downloading malware via fake image generators.

Crypto wallets. Remote access. 70+ spoofed pages.

🔗 Details → https://thehackernews.com/2025/05/fake-kling-ai-facebook-ads-deliver-rat.html

🚨 CI/CD pipelines move fast—but security often lags behind.

Misconfigs, weak containers, and unchecked code can open real attack paths.

Wazuh spots what others miss—and stops it cold.

🔍 See the risks + how to fix them → https://thehackernews.com/2025/05/securing-cicd-workflows-with-wazuh.html