Everyone’s building with AI in the cloud.

Few are thinking about how to actually secure it.

#NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next.

Worth a watch →

Last week in cyber was wild.

🔒 Malware hiding in VMs
🤖 AI chats leaking through encrypted traffic
📱 Spyware on flagship Androids
💣 Logic bombs set to go off years later
🕵️‍♂️ Fake AI bots, deepfakes, and more...

You can’t afford to miss this recap: https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html

77% of employees paste sensitive data into GenAI tools.
Most use personal accounts, so IT can’t see it.

It’s all happening in the browser — and old DLP tools miss it completely.

The browser just became the biggest data leak in the enterprise ↓ https://thehackernews.com/2025/11/new-browser-security-report-reveals.html

North Korea’s Konni group just pulled off something wild — they turned Google’s own Find Hub into a weapon.

By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.

It all started with a fake “Stress Clear” app, signed with a real Chinese company’s certificate.

Full story ↓ https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html

🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).

They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.

Read ↓ https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html

Hackers aren’t after people anymore — they’re after bots.

API keys and tokens now run much of your SaaS, often with full access.

One stolen token let attackers break into hundreds of Salesforce accounts.

See how it happened ↓ https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html

A fake npm package was caught pretending to be GitHub’s real one.

~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.

It ran a postinstall script that sent secrets to a fake GitHub site.

Full story ↓ https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html

🚨 🚨 New Android RAT — “Fantasy Hub” — is on sale on Russian Telegram: $200/week or $4,500/year.

It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.

Novices can buy and run it. If you use BYOD or mobile banking, read more ↓ https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html

AI-driven supply chain attacks jumped 156% last year.

This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools can’t spot it.

See what CISOs are doing to fight back ↓ https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html

🚨 GootLoader is back — and smarter.

Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.

Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.

Details ↓ https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html

A new malware called Maverick is spreading through WhatsApp Web.

It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.

Full story ↓ https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html