🚨 China-backed hackers exploited an unpatched Windows shortcut bug to breach European diplomats.

UNC6384 used fake “EU Commission” and NATO meeting invites to plant PlugX malware (CVE-2025-9491) — still unpatched by Microsoft.

Full story ↓ https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html

Nation-state hackers built Airstalk, a new malware abusing VMware Workspace ONE’s MDM API as a covert C2 channel.

Signed with a stolen cert, it’s exfiltrating browser data from BPO networks.

Full analysis ↓ https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html

🔥 OpenAI just launched an AI #cybersecurity researcher.

It finds bugs, proves they’re real, and patches them — all by itself.

Powered by GPT-5, it’s already discovered 10 vulnerabilities.

The age of autonomous bug hunters starts now → https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html

🔒 Chrome is going fully HTTPS by default starting April 2026.

Google will make “Always Use Secure Connections” the default setting—first for Enhanced Safe Browsing users, then for everyone by October 2026.

No more HTTP by default. Safer web, less room for attacks.

Full details ↓ https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html#chrome-takes-final-step-toward-full-https-web
#ThreatsDay

🚨 400+ Cisco routers hacked across Australia!

A new implant called BADCANDY is exploiting CVE-2023-20198 — even after patches.

Rebooting won’t help. Hackers just come back.

Watch for fake cisco_sys_manager accounts ↓ https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html

⚠️ North Korea’s Kimsuky just dropped a new backdoor — HttpTroy — hidden in a fake VPN invoice.

It shows a decoy PDF, sets a fake “AhnlabUpdate” task, and rebuilds code on the fly to dodge detection.

Details ↓ https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html

🕵️ Two Android trojans are silently draining accounts.

🔹 One pretends to be a government ID app.
🔹 The other hides as a food delivery tracker.

They even mute your phone — so you never hear it happen.

Learn more about BankBot-YNRK & DeliveryRAT ↓ https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html

Last week: hacked security tools, broken chip protections, smart AI malware, and dev tools used to attack us.

Hackers are moving faster than we can stop them.

See all the top threats: https://thehackernews.com/2025/11/weekly-recap-lazarus-hits-web3-intelamd.html

🚨 Hackers are now hijacking trucking/logistics firms — not just for data, but for the cargo itself.

They’re loading up legit remote-management tools like ScreenConnect & LogMeIn, hijacking load-boards and booking real shipments of food/beverage.

Read how → https://thehackernews.com/2025/11/cybercriminals-exploit-remote.html

🧠 SOC teams built to stop breaches... are built to miss them.

Detection tools catch signals, not connections — and attackers live in the gaps.

The future isn’t faster alerts. It’s smarter context.

🔍 Don’t miss how they’re doing it ↓ https://thehackernews.com/2025/11/the-evolution-of-soc-operations-how.html

🚨 Microsoft just found a new backdoor called SesameOp — and it’s using the OpenAI Assistants API to talk to its attackers.

Instead of sketchy servers, it hides inside legit AI traffic. It lived undetected for months.

Commands were sent through the “description” field.

Read how it works ↓ https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html

🔥 Ransomware negotiators turned attackers.

They were supposed to stop hackers — but instead used BlackCat ransomware to hit 5 U.S. companies.

They demanded up to $10M. One company actually paid.

Full story ↓ https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html

⚡ Google’s AI just found 5 serious bugs in Apple’s Safari — before hackers did.

One flaw could crash your browser instantly, another could break memory protection.

Apple’s patched them all. Update now.

Full story → https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

💡 Your AI-SOC works best when it keeps learning.

Without regular analyst feedback, false alerts rise and real threats slip by.

The real upgrade isn’t a new model — it’s a continuous feedback loop.

Read how it works ↓ https://thehackernews.com/expert-insights/2025/11/continuous-feedback-loops-why-training.html

🚨 A new cyber-espionage campaign, Operation SkyCloak, is targeting defense networks in Russia and Belarus.

Attackers use fake military documents to install a hidden SSH backdoor that talks through Tor — disguised as a legit GitHub app.

Details here ↓ https://thehackernews.com/2025/11/operation-skycloak-deploys-tor-enabled.html

🚨 Researchers just found 4 serious flaws in Microsoft Teams that let attackers fake messages and impersonate coworkers — no “Edited” label, no warning.

If your team uses Teams, read this now ↓ https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html

🚨 A critical CVSS 9.8 flaw in "react-native-community/cli" let anyone run OS commands on your dev machine—no login needed.

It’s patched now, but millions of React Native devs were exposed for months.

Check your version and lock down that dev server. → https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html

🕒 When ransomware hits, every second counts.

DOGE Big Balls spreads fast — encrypting files and leaving ransom notes everywhere.

Wazuh detects it early, isolates the threat, and stops the damage. Here’s how their detection rules and live response work ↓ https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html

🚨 A €600M crypto scam just got taken down.

9 suspects across 5 countries ran fake “investment” sites that looked 100% real. They even laundered the money on-chain — hiding millions in plain view.

Read here ↓ https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html

🛠️ You patch daily.
🕵️ You scan weekly.
⚡But your attack surface changes every hour.

Static defenses can’t keep up.

Join The Hacker News x Bitdefender webinar to see how Dynamic Attack Surface Reduction (DASR) keeps you ahead ➠ https://thehacker.news/attack-surface-reduction

🔥 Three of the internet’s most notorious hacker crews — Scattered Spider, LAPSUS$, and ShinyHunters — just merged into one cartel: Scattered LAPSUS$ Hunters.

They’ve rebuilt their Telegram network 16 times in 80 days and now run extortion-as-a-service for affiliates.

Details here ↓ https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html