🚨 Three VS Code extensions, downloaded over 10,000 times, turned out to be part of a revived GlassWorm attack.
And... it spreads on its own. One infected developer can quietly compromise an entire team.
They're stealing credentials for GitHub, VSX, and crypto wallets while hiding in plain sight with invisible Unicode characters.
Read the whole story: https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html
⚠️ Hackers are posing as Booking[.]com to target hotels.
Fake "security" emails trick managers into running a PowerShell script that installs PureRAT, giving full access to hotel systems.
Stolen logins and card data are being sold online.
More information here: https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html
Everyone's building with AI in the cloud.
Few are thinking about how to actually secure it.
#NetworkChuck just dropped a video with Wiz, showing how they're finding hidden AI risks ("shadow AI") before attackers do. It's a smart look at where cloud security is headed next.
Worth a watch.
Last week in cyber was wild.
Malware hiding in VMs
AI chats leaking through encrypted traffic
Spyware on flagship Androids
Logic bombs set to go off years later
Fake AI bots, deepfakes, and more...
You can't afford to miss this recap: https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html
77% of employees paste sensitive data into GenAI tools.
Most use personal accounts, so IT can't see it.
It's all happening in the browser, and old DLP tools miss it completely.
The browser just became the biggest data leak in the enterprise: https://thehackernews.com/2025/11/new-browser-security-report-reveals.html
North Korea's Konni group just pulled off something wild: they turned Google's own Find Hub into a weapon.
By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.
It all started with a fake "Stress Clear" app, signed with a real Chinese company's certificate.
Full story: https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html
🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).
They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.
Read: https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
Hackers aren't after people anymore; they're after bots.
API keys and tokens now run much of your SaaS, often with full access.
One stolen token let attackers break into hundreds of Salesforce accounts.
See how it happened: https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html
A fake npm package was caught pretending to be GitHub's real one.
@acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.
It ran a postinstall script that sent secrets to a fake GitHub site.
Full story: https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
🚨 🚨 New Android RAT "Fantasy Hub" is on sale on Russian Telegram: $200/week or $4,500/year.
It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.
Novices can buy and run it. If you use BYOD or mobile banking, read more: https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
AI-driven supply chain attacks jumped 156% last year.
This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools can't spot it.
See what CISOs are doing to fight back: https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
🚨 GootLoader is back, and smarter.
Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.
Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.
Details: https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html
A new malware called Maverick is spreading through WhatsApp Web.
It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.
Full story: https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
Google just launched Private AI Compute, a new cloud system that runs AI without letting Google see your data.
It keeps Gemini models inside secure, encrypted hardware to protect privacy.
Auditors did find small flaws that could, in rare cases, expose users, but Google says fixes are on the way.
Read more: https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
82% of companies use AI agents.
53% let them access sensitive data every day.
Most don't know who owns or controls them.
One forgotten agent can leak everything.
How to stop it: https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html
🚨 Microsoft just fixed a Windows flaw hackers are already exploiting in the wild.
The kernel bug (CVE-2025-62215) lets anyone with local access gain full control, and it's being linked with other attacks for complete takeover.
Install the latest patches now: https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
Scale Container Security with Confidence: Live Webinar
Learn how top teams build secure, compliant containers that scale, without slowing delivery.
Nov 25 | 11 AM EST
20-Minute Session + Q&A
Save Your Seat: https://thn.news/webinar-insights
Active Directory is the single point of failure for most enterprises.
One bad password or missed update can give attackers full control. They know it. Most teams don't act on it.
See what the latest breach exposed: https://thehackernews.com/2025/11/active-directory-under-siege-why.html
⚡ Hackers only need one open door. Most tools find it after they're inside.
Dynamic Attack Surface Reduction (DASR) spots weak points as they appear and closes them fast. Fewer alerts. Stronger defense.
Join this WEBINAR to see how it works: https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
🚨 Amazon revealed details of attacks exploiting two recent flaws in Cisco ISE and Citrix NetScaler, both used as zero-days.
Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.
Full story: https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html