🚨 PhantomRaven hit the npm registry — 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets.

They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them.

Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html

⚡ Cybercrime just got quieter, cheaper, and a lot more precise.

💥 DNS flaws exploited
💥 Rust binaries hiding payloads
💥 Supply-chain heists rising
💥 New RATs everywhere

Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html

🚨 A single line of JavaScript can crash any Chromium browser.

Researcher Jose Pino calls it Brash — it abuses how document.title handles rapid updates.

24 million title changes per second = instant crash.

Still unpatched. Details ↓ https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html

⚠️ “Patch everything” is dead.

At the BAS Summit, CISOs said it straight — not every vuln matters, only the exploitable ones do.

Breach simulation shows where you bleed, not where scanners scream.

Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html

🔥 A tool built for defenders is now arming attackers.

AdaptixC2 — an open-source C2 in Golang — was made for red teams.

Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams.

Details ↓ https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html

💀 Google says it blocks over 10 billion scam calls and messages every month.

But scammers have adapted — they’ve gone social.

Now they send fake job offers in group chats, even adding fake “friends” to make it look real.

The new scam tactic most experts overlooked ↓ https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html

CISA added a new VMware zero-day to its KEV list.

CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access.

Exploited since Oct 2024 by China-linked UNC5174.

Patch released last month ↓ https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html

Developers accidentally leaked VS Code tokens — letting attackers publish fake extensions.

Eclipse has revoked the tokens and added new safeguards after a campaign dubbed “GlassWorm.”

Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html

A Mac app just bypassed macOS permission checks — silently turning on the mic and camera.

ThreatLocker’s new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings — before attackers can exploit them.

Learn more ↓ https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html

CISA and NSA just issued a warning:

Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely.

Even patched systems aren’t fully safe.

If you manage Exchange or WSUS, read this ↓ https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html

Most MSPs are walking straight into a trap.

Clients now expect enterprise-level cybersecurity — but many providers are still selling basic IT support.

The result? Lost clients, slower growth, and higher risk exposure.

Is your MSP ready to lead with security? ↓ https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html

⚠️ Chinese hackers are exploiting a critical 9.3 CVE (CVE-2025-61932) in Motex Lanscope Endpoint Manager.

It lets them run SYSTEM-level commands and plant a Gokcpdoor backdoor with new multiplexed C2 channels.

Active attacks confirmed ↓ https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html

🚨 China-backed hackers exploited an unpatched Windows shortcut bug to breach European diplomats.

UNC6384 used fake “EU Commission” and NATO meeting invites to plant PlugX malware (CVE-2025-9491) — still unpatched by Microsoft.

Full story ↓ https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html

Nation-state hackers built Airstalk, a new malware abusing VMware Workspace ONE’s MDM API as a covert C2 channel.

Signed with a stolen cert, it’s exfiltrating browser data from BPO networks.

Full analysis ↓ https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html

🔥 OpenAI just launched an AI #cybersecurity researcher.

It finds bugs, proves they’re real, and patches them — all by itself.

Powered by GPT-5, it’s already discovered 10 vulnerabilities.

The age of autonomous bug hunters starts now → https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html

🔒 Chrome is going fully HTTPS by default starting April 2026.

Google will make “Always Use Secure Connections” the default setting—first for Enhanced Safe Browsing users, then for everyone by October 2026.

No more HTTP by default. Safer web, less room for attacks.

Full details ↓ https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html#chrome-takes-final-step-toward-full-https-web
#ThreatsDay

🚨 400+ Cisco routers hacked across Australia!

A new implant called BADCANDY is exploiting CVE-2023-20198 — even after patches.

Rebooting won’t help. Hackers just come back.

Watch for fake cisco_sys_manager accounts ↓ https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html

⚠️ North Korea’s Kimsuky just dropped a new backdoor — HttpTroy — hidden in a fake VPN invoice.

It shows a decoy PDF, sets a fake “AhnlabUpdate” task, and rebuilds code on the fly to dodge detection.

Details ↓ https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html

🕵️ Two Android trojans are silently draining accounts.

🔹 One pretends to be a government ID app.
🔹 The other hides as a food delivery tracker.

They even mute your phone — so you never hear it happen.

Learn more about BankBot-YNRK & DeliveryRAT ↓ https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html

Last week: hacked security tools, broken chip protections, smart AI malware, and dev tools used to attack us.

Hackers are moving faster than we can stop them.

See all the top threats: https://thehackernews.com/2025/11/weekly-recap-lazarus-hits-web3-intelamd.html

🚨 Hackers are now hijacking trucking/logistics firms — not just for data, but for the cargo itself.

They’re loading up legit remote-management tools like ScreenConnect & LogMeIn, hijacking load-boards and booking real shipments of food/beverage.

Read how → https://thehackernews.com/2025/11/cybercriminals-exploit-remote.html