π¨ New ThreatsDay Bulletin is live!
π€ AI malware that learns your habits
π Voice bots turned into attack tools
πΈ Crypto rings laundering billions
π IoT gear under siege again
π Smishing scams spreading worldwide
All that and 20+ more stories shaping the week in cybersecurity.
π Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html
π€ AI malware that learns your habits
π Voice bots turned into attack tools
πΈ Crypto rings laundering billions
π IoT gear under siege again
π Smishing scams spreading worldwide
All that and 20+ more stories shaping the week in cybersecurity.
π Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html
π₯9π€5
Microsoft will block all non-Microsoft scripts on Entra ID logins starting Oct 2026.
If your sign-in flow or browser extension injects any code, it may break β so test ASAP.
The new Content Security Policy only lets trusted Microsoft-hosted scripts.
Read more β https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html
If your sign-in flow or browser extension injects any code, it may break β so test ASAP.
The new Content Security Policy only lets trusted Microsoft-hosted scripts.
Read more β https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html
π€12π9π3
Hackers posing as Kyrgyzstanβs Justice Ministry are spreading 2013-era NetSupport RAT across Kyrgyzstan and Uzbekistan using fake PDFs and old Java tricksβblocking outsiders to hide the attack.
Old tools. New victims. β https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html
Old tools. New victims. β https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html
π₯19π4π4π1
VPNs werenβt built for todayβs hybrid networks. Hackers now exploit them as entry points to steal admin creds.
Remote Privileged Access Management (RPAM) closes that gap β no VPNs, no shared passwords, full session tracking.
Why itβs replacing PAM β https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
Remote Privileged Access Management (RPAM) closes that gap β no VPNs, no shared passwords, full session tracking.
Why itβs replacing PAM β https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
π₯14π€―5π3π1
π¨ North Korean hackers uploaded 197 malicious npm packages (31K+ downloads).
They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots β all from a fake job interview setup.
Details here β https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots β all from a fake job interview setup.
Details here β https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
π8π₯6π±4π3π€―1
β οΈ Researchers found old Python code that could expose projects to a supply chain attack.
Some PyPI packages β including Tornado and slapos.core β still call an expired domain that anyone could buy and use to run malicious code.
Details β https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
Some PyPI packages β including Tornado and slapos.core β still call an expired domain that anyone could buy and use to run malicious code.
Details β https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
π₯11π±6
π¨ CISA added a real-world exploited flaw in OpenPLC ScadaBR to its Known Exploited Vulnerabilities list.
Hackers used the bug (CVE-2021-26829) to deface a fake water plant system in under 26 hours β disabling logs and alarms.
Read β https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html
Hackers used the bug (CVE-2021-26829) to deface a fake water plant system in under 26 hours β disabling logs and alarms.
Read β https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html
π18π₯9β‘5
π¨ Tomiris is back β and harder to spot.
Kaspersky reports the group is using Telegram & Discord as C2 servers to hide attacks on government networks in Russia & Central Asia.
Its new malware β written in Python, Rust, Go, PowerShell & C#.
Full details β https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html
Kaspersky reports the group is using Telegram & Discord as C2 servers to hide attacks on government networks in Russia & Central Asia.
Its new malware β written in Python, Rust, Go, PowerShell & C#.
Full details β https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html
π13π5
π¨ New Android malware Albiriox is being sold as a service.
It can remotely control phones, stream screens from banking apps, and fake updates to steal logins.
It even bypasses Androidβs screen protections.
Read about it here β https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html
Spread via fake Google Play links, itβs already targeting users in Austria.
It can remotely control phones, stream screens from banking apps, and fake updates to steal logins.
It even bypasses Androidβs screen protections.
Read about it here β https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html
Spread via fake Google Play links, itβs already targeting users in Austria.
π±12π€―5β‘3π3π₯2
π¨ Webinar Alert: Resilient Patching β Guardrails for Community Repos
You trust your patching tools. Attackers trust that too. A single unsafe package on Chocolatey or Winget can flip your defenses against you.
Learn how top teams patch fast, safe, and under control.
π Register & get the full playbook β https://thehacker.news/resilient-patching
You trust your patching tools. Attackers trust that too. A single unsafe package on Chocolatey or Winget can flip your defenses against you.
Learn how top teams patch fast, safe, and under control.
π Register & get the full playbook β https://thehacker.news/resilient-patching
π5
π¨ The browser just became your riskiest employee.
New AI browsers like ChatGPT Atlas can act on your behalf β booking, buying, sending data. One hidden command can turn them against you.
Join this expert webinar to learn how to spot and stop these new AI browser threats β https://thehackernews.com/2025/12/webinar-agentic-trojan-horse-why-new-ai.html
New AI browsers like ChatGPT Atlas can act on your behalf β booking, buying, sending data. One hidden command can turn them against you.
Join this expert webinar to learn how to spot and stop these new AI browser threats β https://thehackernews.com/2025/12/webinar-agentic-trojan-horse-why-new-ai.html
π₯5β‘1π1
β‘ New Cyber Recap is live.
π npm worm returns
π§ M365 email + token raids
π± spyware on chat apps
𧱠Firefox RCE + hot CVEs
πΈ Cryptomixer takedown
If you ship code, manage access, or touch cloudβ¦ this oneβs worth 3 minutes.
Read: https://thehackernews.com/2025/12/weekly-recap-hot-cves-npm-worm-returns.html
π npm worm returns
π§ M365 email + token raids
π± spyware on chat apps
𧱠Firefox RCE + hot CVEs
πΈ Cryptomixer takedown
If you ship code, manage access, or touch cloudβ¦ this oneβs worth 3 minutes.
Read: https://thehackernews.com/2025/12/weekly-recap-hot-cves-npm-worm-returns.html
π₯5π€―2
πΌ ShadyPanda quietly turned trusted Chrome and Edge extensions into spyware.
Over 4.3 million installs in 7 years β some were even once verified by Google.
After silent updates in mid-2024, they began sending usersβ browsing data and cookies to remote servers.
π Read here β https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html
Over 4.3 million installs in 7 years β some were even once verified by Google.
After silent updates in mid-2024, they began sending usersβ browsing data and cookies to remote servers.
π Read here β https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html
π±8π₯1
π’ URGENT: India just made a cybersecurity app mandatory on all new phones.
The app β Sanchar Saathi β canβt be deleted or disabled.
It helps report fraud, trace lost devices, and block illegal calls.
Full story β https://thehackernews.com/2025/12/india-orders-phone-makers-to-pre.html
Phone makers have 90 days to preload it, and must also update phones already in the supply chain.
The app β Sanchar Saathi β canβt be deleted or disabled.
It helps report fraud, trace lost devices, and block illegal calls.
Full story β https://thehackernews.com/2025/12/india-orders-phone-makers-to-pre.html
Phone makers have 90 days to preload it, and must also update phones already in the supply chain.
π€23π8π₯3π1π€―1π±1