The Hacker News

? THN Weekly Recap – This Week in Cyber: – Chrome 0-Day exploited in the wild – Kubernetes RCE nightmare exposed – Solar inverters at risk of blackouts – Rclone-powered leak site breached – DNS-based phishing just got stealthier ?? Catch up now:

?? A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp. They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems. ?? Targets? Your data, credentials, and even crypto wallets. ?? Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook. ?? Learn more: https://lnkd.in/duU7QEiM

?? Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites. Also, add these to the list of 2024's major WordPress threats: CVE-2024-27956 | SQL injection CVE-2024-25600 | RCE in Bricks theme CVE-2024-8353 | PHP injection CVE-2024-4345 | Arbitrary file upload If you run a WordPress site, check your mu-plugins folder NOW. ??? Full story: https://lnkd.in/g9pjsyX5

?? AWS doesn't secure your cloud—you do. Most cloud breaches happen because customers miss what's theirs to protect. 5 silent risks you're likely exposed to: ? SSRF attacks ? Leaky S3 buckets ? Over-permissive IAM ? Unpatched EC2 ? Public-facing services AWS secures the foundation. You secure the rest. ?? Start scanning in minutes → https://lnkd.in/gtWCzifZ

?? Russia-linked hackers Gamaredon are using fake war docs to drop Remcos RAT on Ukrainian systems. ?? ZIP → LNK → PowerShell → DLL side-loading → full access Meanwhile, another phishing op is posing as the CIA to trick pro-Ukraine Russians into handing over personal info via Google Forms. Two fronts. One strategy. Learn more: https://lnkd.in/gPG83_2b

?? New Malware: RESURGE China-linked hackers are exploiting Ivanti VPNs via CVE-2025-0282. ??? RESURGE = rootkit + bootkit + web shell ?? Hits critical infrastructure ?? Linked to UNC5337 & Silk Typhoon Patch now | Ivanti <22.7R2.5 is vulnerable Full CISA alert: https://lnkd.in/gb-XEmE2

?? New Android threat spotted: Crocodilus malware is targeting users in Spain and Turkey, posing as Google Chrome to hijack phones. ? Bypasses Android 13+ protections ? Abuses Accessibility to steal credentials ? Records screen & key actions ? Remotely controls the device ? Hides with black screen overlays ?? Targets banks + crypto wallets ?? Learn how it works: https://lnkd.in/g8a7Gt8U

?? Hackers got hacked. BlackLock, a top ransomware gang in 2025, just got owned—by threat hunters who found a fatal flaw in their infrastructure. exposing... ?? Real IPs behind their hidden servers ?? Command history showing OPSEC fails ?? Credentials, configs, and MEGA storage accounts used for exfil ?? Turns out, DragonForce—another ransomware crew—also hacked BlackLock’s site last week, leaking internal chats and configs. Read: https://lnkd.in/gegpMrz6

Organizations are shifting their GRC (Governance, Risk, and Compliance) strategies from reactive to proactive. Hyperproof’s 6th annual IT Risk and Compliance Benchmark Report reveals that 91% of companies now have centralized GRC teams, and 72% plan to grow their compliance teams in 2025. With rising regulatory demands, companies investing in risk management aren’t just avoiding fines—they’re driving operational excellence and strategic growth. Want to see where you stand? Use Hyperproof's new GRC Maturity Model (https://lnkd.in/g8fV4xuH) to assess your compliance readiness and make a business case for improvement. ?? Get the report here: https://lnkd.in/gTB94e_d

?? Hackers can now hijack solar power systems. 46 new bugs found in inverters from Sungrow, Growatt, and SMA. Attackers could shut down power, cause blackouts, or remotely control devices like a botnet. ?? One trick? Reset accounts to default password: 123456 ?? Details: https://lnkd.in/gZWcKsBT