🚨 New ThreatsDay Bulletin is out!
From AI bug bounties and data leaks to phishing kits and global cyber laws - here's what's shaping the week in cybersecurity.
Read the full update: https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html
🚨 Europol took down 3 big malware groups - Rhadamanthys Stealer, Venom RAT, and the Elysium botnet.
They shut down 1,025 servers and 20 websites.
The main hacker was caught in Greece with 100,000 crypto wallets from victims.
Full story → https://thehackernews.com/2025/11/operation-endgame-dismantles.html
Most tools that promise to simplify Google Workspace offboarding end up creating more problems than they solve. Rigid workflows. Chat messages left unarchived. Manual fixes that take hours... Curious how companies like Google automate their deprovisioning in a no-code way?
Join a Cloud Space Architect from Google and the Zenphi team to see how IT departments:
- Trigger offboarding automatically from HR or Directory events
- Archive Gmail, Drive, and Chat in one flow
- Clean up devices and shares instantly
- Cut costs associated with offboarding by up to 80%!
Nov 20, 2025 | 30-min live session
➡️ Register to ask questions live and get the recording: https://thn.news/secure-offboarding
#GoogleWorkspace #SecurityAutomation #GmailSecurity #ITAdmin #ITOperations #Cybersecurity #Offboarding #DataArchiving #MDM #GoogleAdmin #GoogleDrive
🚨 A fake Ethereum wallet called "Safery" is still up on the Chrome Web Store.
It steals your seed phrase by hiding it in Sui wallet addresses and sending tiny blockchain payments.
Looks safe. Isn't. Read here → https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html
Half of new CVEs are exploited within 48 hours.
Attackers use AI and automation. Defenders use tickets and patch cycles.
That delay is the breach window → https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html
🚨 Hackers made 4,300+ fake hotel websites copying Booking[.]com, Airbnb, and Expedia.
Each fake page looks real, changes based on your booking link, and steals your card details.
See how this massive travel scam works → https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
⚠️ Hackers are actively exploiting a Fortinet FortiWeb bug that lets them skip login and make admin accounts.
Fortinet quietly fixed it in v8.0.2 - no CVE, no warning.
If you haven't patched yet, your device might already be hit.
Learn more here → https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
🚨 Securing one browser isn't enough.
Malicious extensions now move between Chrome, Edge, and AI browsers like Atlas and Comet. AI helps them learn and adapt fast.
See how cross-browser attacks really work → https://thehackernews.com/expert-insights/2025/11/beyond-chrome-risks-of-malicious.html
China's hackers used Anthropic's AI to run cyber attacks - almost fully on its own.
They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.
AI did about 90% of the work by itself.
Learn more → https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
Ransomware is breaking records again.
In Q3 2025, researchers found 85 active ransomware groups - more than ever before. Police took some down, but 14 new ones popped up right after.
Now LockBit 5.0 is back, and it could pull them all together again.
Read the full report → https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
Iran's APT42 hackers are now targeting defense officials and their families.
They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.
It's active and still spreading.
Details here → https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html
🕵️‍♂️ How many AI assets are running in your organization right now?
If you can't answer that, you're not alone.
From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.
Join this live webinar to learn:
- How to discover and catalog AI assets you didn't know existed
- Why AI inventory is the foundation for effective AI security and governance
https://thn.news/building-ai-inventory
🚨 Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug.
It lets attackers run code on remote systems - all because of a reused unsafe pattern in ZeroMQ and Python pickle.
Some systems are still not fixed.
Read the full story → https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html
🚨 North Korean hackers have a new trick.
They're hiding malware inside fake API keys on GitHub - using JSON Keeper and other legit tools to stay invisible.
The attack installs "BeaverTail" to steal data and drop a Python backdoor.
See how it works → https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html