Hackers aren’t after people anymore — they’re after bots.

API keys and tokens now run much of your SaaS, often with full access.

One stolen token let attackers break into hundreds of Salesforce accounts.

See how it happened ↓ https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html

A fake npm package was caught pretending to be GitHub’s real one.

~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.

It ran a postinstall script that sent secrets to a fake GitHub site.

Full story ↓ https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html

🚨 🚨 New Android RAT — “Fantasy Hub” — is on sale on Russian Telegram: $200/week or $4,500/year.

It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.

Novices can buy and run it. If you use BYOD or mobile banking, read more ↓ https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html

AI-driven supply chain attacks jumped 156% last year.

This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools can’t spot it.

See what CISOs are doing to fight back ↓ https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html

🚨 GootLoader is back — and smarter.

Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.

Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.

Details ↓ https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html

A new malware called Maverick is spreading through WhatsApp Web.

It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.

Full story ↓ https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html

🔥 Google just launched Private AI Compute — a new cloud system that runs AI without letting Google see your data.

It keeps Gemini models inside secure, encrypted hardware to protect privacy.

Auditors did find small flaws that could, in rare cases, expose users — but Google says fixes are on the way.

Read more ↓ https://thehackernews.com/2025/11/google-launches-private-ai-compute.html

🤖 82% of companies use AI agents.
🔐 53% let them access sensitive data every day.
⚠️ Most don’t know who owns or controls them.

One forgotten agent can leak everything.

How to stop it → https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html

🚨 Microsoft just fixed a Windows flaw hackers are already exploiting in the wild.

The kernel bug (CVE-2025-62215) lets anyone with local access gain full control — and it’s being linked with other attacks for complete takeover.

Install the latest patches now ↓ https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html

Scale Container Security with Confidence — Live Webinar

Learn how top teams build secure, compliant containers that scale — without slowing delivery.

📅 Nov 25 | 11 AM EST
🎙️ 20-Minute Session + Q&A

Save Your Seat 👇 https://thn.news/webinar-insights

Active Directory is the single point of failure for most enterprises.

One bad password or missed update can give attackers full control. They know it. Most teams don’t act on it.

See what the latest breach exposed → https://thehackernews.com/2025/11/active-directory-under-siege-why.html

⚡ Hackers only need one open door. Most tools find it after they’re inside.

Dynamic Attack Surface Reduction (DASR) spots weak points as they appear—and closes them fast. Fewer alerts. Stronger defense.

Join this WEBINAR to see how it works ↓ https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html

🚨 Amazon revealed details of attacks exploiting two recent flaws in Cisco ISE and Citrix NetScaler — both used as zero-days.

Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.

Full story → https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html

💻 Google sued a Chinese hacker group that runs a phishing service called Lighthouse.

It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages.

They sold the phishing kits — $88 a week to $1,588 a year.

Read more → https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html

🚨 Over 43,000 fake npm packages have flooded the registry since 2024.

They don’t steal data — they just keep cloning themselves. A hidden script waits until someone runs node auto.js, then the cycle starts.

It went unnoticed for almost two years.

Read more → https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html

🚨 CISA says hackers are exploiting a serious WatchGuard firewall flaw (CVE-2025-9242, score 9.3).

Attackers can run code without logging in.

Over 54,000 Firebox devices are still exposed. Patch before Dec 3.

Details ↓ https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html

🚨 New ThreatsDay Bulletin is out!

From AI bug bounties and data leaks to phishing kits and global cyber laws — here’s what’s shaping the week in cybersecurity.

👉 Read the full update: https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html

🚨 Europol took down 3 big malware groups — Rhadamanthys Stealer, Venom RAT, and the Elysium botnet.

They shut down 1,025 servers and 20 websites.

The main hacker was caught in Greece with 100,000 crypto wallets from victims.

Full story ↓ https://thehackernews.com/2025/11/operation-endgame-dismantles.html

Most tools that promise to simplify Google Workspace offboarding end up creating more problems than they solve. Rigid workflows. Chat messages left unarchived. Manual fixes that take hours... Curious how companies like Google automate their deprovisioning in a no-code way?

Join a Cloud Space Architect from Google and the Zenphi team to see how IT departments:

Trigger offboarding automatically from HR or Directory events

Archive Gmail, Drive, and Chat in one flow

Clean up devices and shares instantly

Cut costs associated with offboarding by up to 80%!

📅 Nov 20, 2025 | 30-min live session
➡️ Register to ask questions live and get the recording: https://thn.news/secure-offboarding

#GoogleWorkspace #SecurityAutomation #GmailSecurity #ITAdmin #ITOperations #Cybersecurity #Offboarding #DataArchiving #MDM #GoogleAdmin #GoogleDrive

🚨 A fake Ethereum wallet called “Safery” is still up on the Chrome Web Store.

It steals your seed phrase by hiding it in Sui wallet addresses and sending tiny blockchain payments.

Looks safe. Isn’t. Read here ↓ https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html