🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case

Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.

💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers

He faces up to 30 years in prison.

👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html

🚨 0-day Alert: Unpatched flaw threatens 100K+ WordPress sites

A critical vulnerability (CVE-2025-47577, CVSS 10.0) in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files.

🔗 Full details → https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html

🚨 Google Calendar… as malware C2? You read that right.

Chinese APT41 hackers hijacked a govt site to launch a stealth campaign using malware dubbed TOUGHPROGRESS—leveraging Google Calendar events to send commands & exfiltrate data.

Find details here — https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html

🎭 Phishing scams are down 20%—but don’t celebrate yet.

Hackers are now using GenAI to launch hyper-targeted attacks on HR and finance teams. The game changed. Are your defenses ready for what’s coming next?

🛡️ Read the full 2025 report: https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html

🚨 UPDATE: 9,000 ASUS routers hijacked in silent global attack. Hackers gained persistent access using a known flaw—no malware, no alerts.

Linked to the same group behind the Cisco honeypot botnet.

The real plan? It’s just starting... 👀

Read: https://thehackernews.com/2025/05/vicioustrap-uses-cisco-flaw-to-build.html

🚨 Hackers hijacked a trusted IT tool to launch ransomware attacks across multiple companies in a supply chain breach.

👀 The twist? Another cyber gang may have quietly opened the door. The ransomware underworld is shifting.

Learn more: https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html

🧬 New Malware Alert: Hides Using Broken File Headers!

Fortinet just uncovered a remote access trojan (RAT) that ran unnoticed for weeks—using corrupted DOS & PE headers to avoid detection.

🖥️ Turns your PC into a remote access hub
🔁 Supports multiple attacker sessions
🔐 Uses TLS to stay stealthy

🔗 Read the full story: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html

At Georgetown, gain the tactical skills to plan for and respond to information security threats. Attend our June 12 webinar.

Sign up now: https://thn.news/cyber-risk-2025-ig

🚨 AI tools are the new bait!

Fake ChatGPT & InVideo AI installers are spreading ransomware & destructive malware like CyberLock, Lucky_Gh0$t, and Numero.

Hackers are weaponizing AI hype. Don't trust free tools from shady links.

🔗Details: https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html

🚨 Fake News, Real Threats!

Meta just shut down 3 secret influence ops from Iran, China, and Romania using fake accounts, AI, and hashtags to sway public opinion.

👁‍🗨 658 fake Facebook accounts.
🎭 AI-generated profiles.

One Iranian campaign tied to Storm-2035 even misused ChatGPT to spread polarizing propaganda.

🔗 Read details — https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html

🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor.

Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers.

Stay ALERT | Read details: https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html

🚨 The U.S. Treasury has sanctioned Funnull, a Philippines-based firm powering thousands of crypto scams—causing over $200M in U.S. losses.

The twist? They used AWS and Azure to host fake sites at scale.

🔹 332K+ domains
🔹 548 spoofed brands
🔹 Avg. victim loss: $150K+

Don’t get played: https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html

UPDATE — Two PoC exploits for the BadSuccessor flaw in Windows Server 2025 are now public.

⚠️ One enables stealthy privilege escalation with just a Kerberos ticket
⚠️ SharpSuccessor lets low-priv users gain domain admin via CreateChild rights

Read: https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html

🔥 China-backed hackers are on the move.

Earth Lamia is hitting govts, IT firms & universities in 🇮🇳 🇧🇷 🇻🇳 🇵🇭 🇹🇭 using 9 exploits—incl. SAP NetWeaver & TeamCity.

⚠️ SQL injections
⚠️ Custom malware
⚠️ Ransomware… then delete it?

Full story 👉 https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html

👀 “We never drop tools. We use yours.” — BlackBasta ransomware.

A new Bitdefender analysis of 700,000 incidents reveals this chilling truth: 84% of major cyberattacks use Living Off the Land tools like netsh.exe, powershell.exe, wmic.exe.

🔗 Read the report: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

“Healthcare loves to walk backwards into the future.” – Jason Elrod, CISO, MultiCare Health System.

Legacy IT nearly broke care delivery. But with identity-based microsegmentation, Elrod flipped the script:
✅ 30K staff
✅ 14 hospitals
✅ Zero downtime
✅ 238% ROI

Security shouldn't be a roadblock—it should be a bridge.

See how MultiCare did it → https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html

🚨 “Prove you're not a robot” — turns into full system breach!

Hackers are using fake CAPTCHA checks to deploy a stealthy new Rust malware, EDDIESTEALER, via ClickFix—a social engineering trick abusing PowerShell on Windows.

🎯 Targets: Passwords, crypto wallets, cookies, and more.

🔗 Full report: https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

🚨 Global cybercrime tool taken down.

On May 27, 2025, U.S., Dutch, and Finnish authorities seized domains like AvCheck[.]net, used by hackers to hide malware from antivirus tools.

👀 The twist? These “security checkers” claimed to detect threats—but were secretly helping cybercriminals stay invisible.

🔗 Details: https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html

🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes.

Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling.

A simple race—triggered at just the right time—can leak /etc/shadow data.

PoC is public. Mitigations exist.

Read: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

👀 “Strategic Opportunity” or Silent Backdoor?

CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access.

It’s legit software. Weaponized.

Learn more: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html