🚨 FBI ALERT: Scammers are posing as banks to steal logins — causing $262M in losses this year.

Now they’re using AI to create fake Black Friday sites and ads that look real.

They trick people into handing over passwords and money.

Learn more ↓ https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html

Russia’s GRU tried a new way to spread RomCom malware.

For the first time, they used SocGholish — fake browser update malware — to target a U.S. engineering firm linked to Ukraine.

The attack went from click to malware in under 30 minutes.

Read the latest report ↓ https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html

🚨 A Chrome extension is stealing crypto.

“Crypto Copilot” looks like a trading tool for X — but it secretly adds a hidden Solana transfer and sends your money to a hacker’s wallet.

It’s still live on the Chrome Web Store.

Full story ↓ https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html

⚠️ Hackers love community update tools.
Why? Because anyone can upload a package.
One bad update = hacked systems.

🔒 Join our free live webinar with Action1 CTO Gene Moody — see how to patch safely without slowing down.

Save your spot ↓ https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html

🤖 We talk a lot about securing AI.

Almost no one talks about where it’s actually hiding.

NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next.

🚀See Wiz in Action → https://thn.news/cloud-security-demo

🔥 Hackers hit South Korea’s banks through one IT vendor — spreading Qilin ransomware to 28 firms and stealing 2 TB of data.

Evidence suggests Russian and North Korean groups worked together.

Full story ↓ https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html

⚠️ Eight “advanced” tools failed at once.

A phishing attack slipped past all of them and reached exec inboxes. Only one thing stopped it — a strong SOC.

🔗 Learn why your “first line” is useless without the last ↓ https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html

⚠️ Hundreds of Maven packages just got caught running Shai-Hulud v2 — the same malware that hijacked npm.

It spread through automated rebuilds, infecting devs who never used npm.

Hiding in the Bun runtime, it steals GitHub + cloud creds and self-replicates like a worm — already leaking 11,000+ secrets across 4,600 repos.

Details here ↓ https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html

🛑 Gainsight just revealed more customers were affected than originally disclosed.

Salesforce revoked all Gainsight access tokens after the breach tied to ShinyHunters — and the same user-agent from prior Salesloft attacks popped up again.

The full scope remains unknown.

Read here → https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html

🚨 New ThreatsDay Bulletin is live!

🤖 AI malware that learns your habits
📞 Voice bots turned into attack tools
💸 Crypto rings laundering billions
🔌 IoT gear under siege again
🌍 Smishing scams spreading worldwide

All that and 20+ more stories shaping the week in cybersecurity.

🔗 Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html