Hackers found a new Windows 11 setup bypass after Microsoft blocked the old one. Apple ID phishing scams are on the rise, targeting 2B users. A Canon printer flaw (CVE-2025-1268) allows code execution. The FBI raided IU cybersecurity expert XiaoFeng Wang’s homes, but details remain undisclosed. Israel’s new cyber chief, Yossi Karadi, takes over amid rising threats. Jisc launches a UK cybersecurity center for universities, and Mitel warns users of a severe XSS vulnerability. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Security firms confirm Oracle Cloud’s potential breach, affecting 140,000 tenants. A critical Windows zero-day threatens NTLM credentials, while Google patches Chrome’s first 2025 zero-day. VMware fixes a privilege escalation flaw, and Signal is now pre-installed on government devices. Meanwhile, a Chinese hacking group has been linked to global cyber espionage. The SEC tightens cybersecurity disclosure rules, and MORSECORP pays $4.6M for cybersecurity fraud. Reference:https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

A Signal chat leak involving Trump officials raised security concerns. Oracle’s data breach was confirmed, while a Canadian hacker was extradited for major cybercrimes. KLIA faced a cyberattack with a $10M ransom demand. India pushes for cybersecurity self-reliance, while Dragos expands OT security in Canada. VMware and Veeam patched major vulnerabilities. H3C routers remain at risk with no fix. Vodafone launched a cybersecurity hub for German SMEs, and a defense contractor settled a $4.6M fraud case. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

A Kubernetes vulnerability exposes 6,500+ clusters to RCE attacks, while KLIA faces a cyber threat with a $10M ransom demand. Next.js patches a critical security flaw, and Oracle denies claims of a major cloud breach. Microsoft deploys AI agents for cybersecurity automation. India rejects social media rumors about a military drone hack. Meanwhile, UAE activates emergency security measures after cyberattacks on government and private entities. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Oracle denies an SSO breach despite hacker claims. AI-powered attacks are rising, with leaders overestimating cyber readiness. Kaspersky leads OT security in Asia, while Trend Micro open-sources an AI-driven cybersecurity model. South Africa’s Astral Foods suffers cyber losses, and Singapore boosts AI and quantum defense. Inforte expands cybersecurity reach in META. India’s “Hack the Future” hackathon and Maharashtra’s AI policy aim to enhance cyber resilience. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

 This episode covers Microsoft's unpatched zero-day flaw exploited by 11 APT groups, the $1.4B Bybit hack by Lazarus Group, and the growing risks of quantum hacking. We analyze the impact of DOGE’s cybersecurity cuts, Fortinet’s exploited vulnerability, IBM’s critical AIX flaws, and Hong Kong’s new cyber law. We also discuss Google’s $32B Wiz acquisition, Apache Tomcat’s RCE vulnerability, and key crypto security tips post-Bybit attack. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

China’s MirrorFace (APT10) used ANEL & AsyncRAT for cyber espionage. GitHub supply chain attacks compromised 23,000 repos. A ChatGPT SSRF exploit targeted U.S. government agencies. Apache Tomcat RCE and Apple’s Passwords app flaw exposed users. Google’s OSV-Scanner 2.0 boosts open-source security, while Singapore’s HSA pushes medical device cybersecurity. AI-driven threats rise, demanding stronger defenses. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Lazarus hackers tried laundering $100M via OKX, prompting a DEX shutdown. Apache Tomcat’s CVE-2025-24813 was exploited 30 hours after disclosure. Google is in talks to acquire Wiz for $30B. A Kolkata tailor hacked ATMs using YouTube tutorials. A GitHub supply chain attack exposed thousands of secrets. Operant AI expands to India, while Linux kernel CVE-2024-36904 gets a PoC exploit. Taiwan’s Poison Vine APT is targeting China, and Mexico’s president faced a cyber breach. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Hackers are exploiting Gmail lockouts, AI-driven phishing, and Medusa ransomware to target users. China’s quantum satellite link reshapes cybersecurity, while North Korea’s Bitcoin stash grows after the Bybit hack. OKX faces regulatory scrutiny, and private equity firms struggle with cyber defenses. TP-Link routers remain vulnerable to attacks. With cyber threats on the rise, users must update security practices, adopt phishing-resistant authentication, and stay vigilant against evolving threats. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

The White House urges agencies to retain cybersecurity teams amid budget cuts, warning of national security risks. GitHub uncovered high-severity ruby-saml flaws enabling account takeovers. A critical WordPress plugin vulnerability threatens 5M+ sites. Microsoft patched a zero-day exploited since 2023, while Apple released an emergency iOS update for a WebKit flaw. Australia introduced strict cybersecurity laws, and IDRBT launched an AI-driven banking security platform. MSRC continues to lead global cyber defense. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

China-linked UNC3886 hacked Juniper routers using custom backdoors, while Microsoft patched six actively exploited zero-days, including a ChatGPT-trojan exploit. Apple fixed a WebKit flaw targeting iPhones, and the Ballista botnet exploited TP-Link routers. CISA cut $10M in cyber funding, and OKX denied Bybit hack allegations. Ledger helped Trezor fix a security flaw, and a critical FreeType vulnerability is under active attack. Cyber risks are rising—stay updated! Reference:https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Apple patched a WebKit zero-day (CVE-2025-24201) exploited in targeted attacks. CISA cut election security funding, citing cost savings. EU regulators probed OKX after Bybit’s $1.5B hack. The University of South Florida received $40M for a cybersecurity-focused college. A mass-exploited PHP flaw fueled global cyberattacks. Trump nominated Sean Plankey to lead CISA. Kerala’s lottery server faced 150 hacking attempts. SAP patched high-severity vulnerabilities, and CISOs faced burnout challenges. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Iran-linked hackers leaked Israeli gun owners’ data, while the Trump administration cut $10M in election cybersecurity funding. X (formerly Twitter) faced a large-scale cyberattack, and PHP vulnerability CVE-2024-4577 is being mass-exploited worldwide. Nova Scotia Power proposed $6.8M in cybersecurity upgrades, and CISA added new exploited flaws to its KEV list. The OPM is reviewing security risks from DOGE, while the ESP32 Bluetooth backdoor claim was debunked. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

North Korea’s Lazarus Group laundered $300M from the ByBit hack, while Ripple’s Chris Larsen lost $661M in an XRP theft linked to a LastPass breach. A Python library vulnerability exposed 43M installations, and India faced a surge in hacktivist attacks. AI-driven cybersecurity advances with Getvisibility’s acquisition, and Mphasis partners with SecPod for vulnerability management. DeFi remains under attack, as the 1inch hack exposes risks in smart contracts. The cybersecurity arms race continues. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Broadcom patches actively exploited VMware flaws, while Windows KDC Proxy RCE threatens remote takeovers. Bybit’s $1.4B hack linked to North Korea’s Lazarus Group, with 77% of funds still traceable. Google’s March Android update fixes 40+ vulnerabilities, and Samsung patches 58 bugs. Lloyds Bank patents AI-driven security tech, and a survey ranks cybersecurity & AI as top risks. The Pentagon denies halting cyber ops, and CISA mandates urgent patching for critical threats. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Cybersecurity hiring is tightening, prioritizing generalists over specialists. Opus Security’s AI-driven platform automates vulnerability management, while hackers exploit a Paragon Partition Manager zero-day for ransomware. CISA denies refocusing away from Russian threats, and the EU’s new liability law forces stricter cybersecurity compliance. Trump’s cyber policy remains unclear. Verizon and Accenture team up for security, and a new Windows Hyper-V exploit threatens systems. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Verizon & Accenture joined forces to tackle cyber threats, while the U.S. allegedly eased pressure on Russia in cybersecurity policies. Poland’s space agency was hacked, with fingers pointing at Russia. BlackBerry sold its Cylance security assets to Arctic Wolf but remains a player in critical cybersecurity. Meanwhile, a wrongful arrest in an Australian hacking case raises concerns. Lastly, the cybersecurity market is set to hit $423.8B by 2033, driven by AI and Zero Trust strategies. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

The Orissa High Court raises concerns over Aadhaar’s security risks. Hackers exploit a Confluence vulnerability to deploy LockBit ransomware. An AI-generated Trump-Musk video hijacks HUD systems. Russia warns its financial sector of a major IT provider hack. CISA alerts on Oracle Agile PLM vulnerability being actively exploited. Netflix’s Zero Day reflects real-world cyber risks. Pakistan calls for a national cybersecurity strategy, and Canada’s Imaflex suffers a cyberattack. Cyber threats are escalating—stay informed! Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Bybit suffered a $2.4B hack, the biggest in crypto history, linked to the Lazarus Group. OpenText launched AI-powered Cybersecurity Cloud to tackle evolving threats. A critical F5 BIG-IP vulnerability (CVE-2025-20029) allows attackers to gain root access. The US Treasury was hacked using a PostgreSQL zero-day. Research exposed security flaws in smart beds. India’s ports are boosting cybersecurity, while Kuwait proposed a global cyber cooperation initiative. Cyber threats continue to evolve at breakneck speed. Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

This week on Hacker Hacks, Microsoft patched two critical vulnerabilities, including an actively exploited Power Pages flaw. Warby Parker faces a $1.5M HIPAA fine, and Medusa ransomware targets UK healthcare giant HCRG. AI infrastructure remains vulnerable due to subsea cable risks, while a Juniper Networks exploit threatens enterprise security. Ivanti’s PoC exploit raises alarms, and teens exploit a Kia flaw for car thefts. Plus, TRICARE’s $11M cybersecurity settlement. Reference:https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/