🚨 AI tools are the new bait!

Fake ChatGPT & InVideo AI installers are spreading ransomware & destructive malware like CyberLock, Lucky_Gh0$t, and Numero.

Hackers are weaponizing AI hype. Don't trust free tools from shady links.

🔗Details: https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html

🚨 Fake News, Real Threats!

Meta just shut down 3 secret influence ops from Iran, China, and Romania using fake accounts, AI, and hashtags to sway public opinion.

👁‍🗨 658 fake Facebook accounts.
🎭 AI-generated profiles.

One Iranian campaign tied to Storm-2035 even misused ChatGPT to spread polarizing propaganda.

🔗 Read details — https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html

🚨 ConnectWise confirms a targeted cyberattack on its environment—likely tied to a nation-state actor.

Just weeks after patching CVE-2025-3935, suspicious activity hit a small group of customers.

Stay ALERT | Read details: https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html

🚨 The U.S. Treasury has sanctioned Funnull, a Philippines-based firm powering thousands of crypto scams—causing over $200M in U.S. losses.

The twist? They used AWS and Azure to host fake sites at scale.

🔹 332K+ domains
🔹 548 spoofed brands
🔹 Avg. victim loss: $150K+

Don’t get played: https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html

UPDATE — Two PoC exploits for the BadSuccessor flaw in Windows Server 2025 are now public.

⚠️ One enables stealthy privilege escalation with just a Kerberos ticket
⚠️ SharpSuccessor lets low-priv users gain domain admin via CreateChild rights

Read: https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html

🔥 China-backed hackers are on the move.

Earth Lamia is hitting govts, IT firms & universities in 🇮🇳 🇧🇷 🇻🇳 🇵🇭 🇹🇭 using 9 exploits—incl. SAP NetWeaver & TeamCity.

⚠️ SQL injections
⚠️ Custom malware
⚠️ Ransomware… then delete it?

Full story 👉 https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html

👀 “We never drop tools. We use yours.” — BlackBasta ransomware.

A new Bitdefender analysis of 700,000 incidents reveals this chilling truth: 84% of major cyberattacks use Living Off the Land tools like netsh.exe, powershell.exe, wmic.exe.

🔗 Read the report: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

“Healthcare loves to walk backwards into the future.” – Jason Elrod, CISO, MultiCare Health System.

Legacy IT nearly broke care delivery. But with identity-based microsegmentation, Elrod flipped the script:
✅ 30K staff
✅ 14 hospitals
✅ Zero downtime
✅ 238% ROI

Security shouldn't be a roadblock—it should be a bridge.

See how MultiCare did it → https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html

🚨 “Prove you're not a robot” — turns into full system breach!

Hackers are using fake CAPTCHA checks to deploy a stealthy new Rust malware, EDDIESTEALER, via ClickFix—a social engineering trick abusing PowerShell on Windows.

🎯 Targets: Passwords, crypto wallets, cookies, and more.

🔗 Full report: https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

🚨 Global cybercrime tool taken down.

On May 27, 2025, U.S., Dutch, and Finnish authorities seized domains like AvCheck[.]net, used by hackers to hide malware from antivirus tools.

👀 The twist? These “security checkers” claimed to detect threats—but were secretly helping cybercriminals stay invisible.

🔗 Details: https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html

🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes.

Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling.

A simple race—triggered at just the right time—can leak /etc/shadow data.

PoC is public. Mitigations exist.

Read: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

👀 “Strategic Opportunity” or Silent Backdoor?

CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access.

It’s legit software. Weaponized.

Learn more: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

Cyberattacks are getting smarter—not louder.

APTs, AI malware, and browser hijacks are slipping in through trusted tools.

We’ve cut through the noise—here are the key exploits, CVEs, and tactics to know.

🔗 Read latest weekly recap: https://thehackernews.com/2025/06/weekly-recap-apt-intrusions-ai-malware.html

🚨 EDR alone won’t cut it anymore.

Today’s threats bypass traditional tools—using stealth, encryption, and insider tactics.

That’s why banks, energy firms, and governments are turning to Network Detection & Response (NDR) to catch what SIEM and EDR can’t.

From Volt Typhoon to hidden data theft—NDR sees what others miss.

Find out how → https://thehackernews.com/2025/06/the-secret-defense-strategy-of-four.html

🚨 Qualcomm just patched 3 zero-days actively exploited in the wild—two rated CVSS 8.6.

▶ CVE-2025-21479
▶ CVE-2025-21480
▶ CVE-2025-27038

👀 A twist? Similar bugs were used by spyware vendors like Variston and Cy4Gate.

More here: https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html

🚨 JINX-0132 is hijacking DevOps servers for cryptomining—no malware, no staging.

They’re exploiting Docker, Gitea, Consul & Nomad (first known wild exploit) using tools straight from GitHub.

🔍 First known exploit of Nomad misconfigs in the wild
💰 $10K+ in compute stolen/month
🌍 5,700+ exposed servers (US, China, EU...)

🔗 Full story: https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html

🚨 WARNING: Another Chrome zero-day exploited in the wild.

Google just patched CVE-2025-5419 — a high-severity V8 engine flaw found by its own Threat Analysis Group.

Attackers are already using it via malicious HTML pages.

Update Chrome NOW | Read: https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html

🕵️‍♂️ APT29? Cozy Bear? Midnight Blizzard?

Same hacker. Different names.

🔥 Microsoft and CrowdStrike are finally fixing the naming mess. Faster attribution. Better defense.

Check it out → https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html

🚨 Chrome to Block TLS Certificates from Two Major Certificate Authorities.

Why? Repeated security failures. Broken promises. No real progress.

Read: https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html

⚠️ Switch CAs now to avoid disruptions.

🚨 New Android malware 'Crocodilus' spreads worldwide.

First seen in Spain & Turkey, it now targets users in 🇵🇱 Poland, 🇧🇷 Brazil, 🇦🇷 Argentina, 🇮🇳 India & more.

It:
🔸 Steals crypto seed phrases
🔸 Poses as " Bank Support " to evade Google alerts
🔸 Spreads via Facebook ads

🔗 Details: https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html