🚨 Researchers just found 4 serious flaws in Microsoft Teams that let attackers fake messages and impersonate coworkers — no “Edited” label, no warning.

If your team uses Teams, read this now ↓ https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html

🚨 A critical CVSS 9.8 flaw in "react-native-community/cli" let anyone run OS commands on your dev machine—no login needed.

It’s patched now, but millions of React Native devs were exposed for months.

Check your version and lock down that dev server. → https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html

🕒 When ransomware hits, every second counts.

DOGE Big Balls spreads fast — encrypting files and leaving ransom notes everywhere.

Wazuh detects it early, isolates the threat, and stops the damage. Here’s how their detection rules and live response work ↓ https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html

🚨 A €600M crypto scam just got taken down.

9 suspects across 5 countries ran fake “investment” sites that looked 100% real. They even laundered the money on-chain — hiding millions in plain view.

Read here ↓ https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html

🛠️ You patch daily.
🕵️ You scan weekly.
⚡But your attack surface changes every hour.

Static defenses can’t keep up.

Join The Hacker News x Bitdefender webinar to see how Dynamic Attack Surface Reduction (DASR) keeps you ahead ➠ https://thehacker.news/attack-surface-reduction

🔥 Three of the internet’s most notorious hacker crews — Scattered Spider, LAPSUS$, and ShinyHunters — just merged into one cartel: Scattered LAPSUS$ Hunters.

They’ve rebuilt their Telegram network 16 times in 80 days and now run extortion-as-a-service for affiliates.

Details here ↓ https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html

CISA just added two new flaws to its list of exploited ones. One is already being used in the wild, and the other was fixed months ago but is still open on a lot of servers.

One flaw in Control Web Panel lets hackers run commands before they log in.

If you use it, patch it now.

More information ↓ https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html

Many companies don’t realize this yet, but their AI agents are already acting like employees.

82% use them, and 53% handle sensitive data every day. But when staff leave, those agents keep running… still with full access.

Here’s how to find and protect them: https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html

⚠️ In just 60 seconds, analysts found an entire phishing chain: a fake Microsoft 365 login hidden inside ClickUp.

Most SOCs would have spent hours poring through logs to find the same thing.

Here's how real-time analysis cuts noise, speeds detection, and prevents burnout: https://thehackernews.com/2025/11/why-soc-burnout-can-be-avoided.html

New Iranian threat actor identified – UNK_SmudgedSerpent.

From June to August, they tricked U.S. academics with fake Microsoft Teams invites that secretly installed remote access tools.

Read on ↓ https://thehackernews.com/2025/11/mysterious-smudgedserpent-hackers.html

⚠️ Researchers have found 7 new ways to hack ChatGPT (GPT-4o and GPT-5), including zero-click attacks that can steal chat history and even poison your AI's memory.

OpenAI fixed some of them... but not all of them.

Details here → https://thehackernews.com/2025/11/researchers-find-chatgpt.html

⚡ Google spotted malware that uses Gemini AI to rewrite its own code.

It’s called PROMPTFLUX — a simple script that asks Gemini for new ways to hide from antivirus tools.

More information ↓ https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html

SonicWall just confirmed the September breach was done by a state-backed hacker group.

They got in through one API call and accessed firewall backups — no ransom, just quiet data theft.

Here’s what happened ↓ https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html

⚡ Hackers turned Windows against itself.

Curly COMrades is using Microsoft's Hyper-V to run small Linux virtual machines inside Windows 10.

This is a sneaky way to get their malware past EDR tools.

Read the whole story ↓ https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html

Over 600 companies say they offer MDR.
Gartner’s new report shows only a few truly deliver.

It also highlights a big gap — most rely too much on automation, not enough on real human response.

Worth a read → https://thehackernews.com/2025/11/bitdefender-named-representative-vendor.html

🛡️ ThreatsDay Bulletin is out!

🔹 Cyber threats are getting personal.
🔹 AI helps stop attacks — but it’s also powering them.
🔹 Botnets, fake apps, and scams are growing fast.

Here’s what’s really happening this week in cyber → https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html

New cyber rules mean every breach test counts. Most teams still run them in Excel.

At Georgetown, gain the tactical skills to plan for and respond to information security threats.

Attend our Nov. 19 webinar → https://thn.news/cyber-risk-webinar-in

🚨 Cisco warns hackers are targeting unpatched Secure Firewall ASA & FTD devices with a new attack variant exploiting two flaws — CVE-2025-20333 and CVE-2025-20362.

The attacks can crash devices (DoS) or let attackers run code as root.

Details here ↓ https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html

⚠️ A Russia-linked group posed as ESET to hack Ukrainian organizations.

They sent fake ESET installers that looked real — but quietly installed a backdoor using the Tor network.

Experts call the group InedibleOchotense, tied to Sandworm.

Full story → https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html

Redis added an AI agent (Prophet Security) to its SOC, working alongside their MDR team.

The result: investigations that took hours now take about 10 minutes.

AI handles the routine alerts so humans can focus on real threats.

Here’s what actually worked ↓ https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html

A fake VS Code extension made with AI just showed up on the Marketplace.

It ran ransomware on install — zipping, encrypting, and uploading files, all by itself.

Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.

Here’s what happened and how it worked ↓ https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html