TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™: ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news
Post archive
U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States.
Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html
Ireland's Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China.
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "
How to Automate CVE and Vulnerability Advisory Response with Tines
https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition.
A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
https://thehackernews.com/2025/05/mintsloader-drops-ghostweaver-via.html
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver.
"MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News.
"The malware employs sandbox and virtual machine evasion techniques, a domain
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default.
"Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users will have several passwordless options for
TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.
The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.
"Pinging functionality that can report back to a command-and-control (C&C) server
Why top SOC teams are shifting to Network Detection and Response
https://thehackernews.com/2025/05/why-top-soc-teams-are-shifting-to.html
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats,
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html
Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X.
The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct persons on the two social media platforms, creating a
New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk
https://thehackernews.com/2025/05/new-research-reveals-95-of-appsec-fixes.html
For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams.
According to OX
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
https://thehackernews.com/2025/05/darkwatchman-sheriff-malware-hit-russia.html
Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman.
Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said.
The activity is assessed to be the work of a
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access.
"This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html
SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
https://thehackernews.com/2025/04/experts-uncover-critical-mcp-and-a2a.html
As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable.
MCP, launched by Anthropic in November 2024, is a framework designed to connect
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
https://thehackernews.com/2025/04/free-webinar-guide-to-securing-your.html
How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore.
Today’s attackers don’t need to “hack” in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside, they can take over accounts, move laterally, and cause long-term damage—all without
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About
https://thehackernews.com/2025/04/customer-account-takeovers-multi.html
Everyone has cybersecurity stories involving family members. Here’s a relatively common one. The conversation usually goes something like this:
“The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish and there were all these Spanish shows I’ve never seen
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html
A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks.
"Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and
This month in security with Tony Anscombe – April 2025 edition
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-april-2025-edition/
From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity
RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
https://thehackernews.com/2025/04/ransomhub-went-dark-april-1-affiliates.html
Cybersecurity researchers have revealed that RansomHub's online infrastructure has "inexplicably" gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomware-as-a-service (RaaS) operation.
Singaporean cybersecurity company Group-IB said that this may have caused affiliates to migrate to Qilin, given that "disclosures on its DLS [data leak site] have doubled since
Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code
https://thehackernews.com/2025/04/meta-launches-llamafirewall-framework.html
Meta on Tuesday announced LlamaFirewall, an open-source framework designed to secure artificial intelligence (AI) systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others.
The framework, the company said, incorporates three guardrails, including PromptGuard 2, Agent Alignment Checks, and CodeShield.
PromptGuard 2 is designed to detect direct
