π¨ A fake Ethereum wallet called βSaferyβ is still up on the Chrome Web Store.
It steals your seed phrase by hiding it in Sui wallet addresses and sending tiny blockchain payments.
Looks safe. Isnβt. Read here β https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html
It steals your seed phrase by hiding it in Sui wallet addresses and sending tiny blockchain payments.
Looks safe. Isnβt. Read here β https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html
π8π7π±1
Half of new CVEs are exploited within 48 hours.
Attackers use AI and automation. Defenders use tickets and patch cycles.
That delay is the breach window β https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html
Attackers use AI and automation. Defenders use tickets and patch cycles.
That delay is the breach window β https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html
π11π5π₯1
π¨ Hackers made 4,300+ fake hotel websites copying Booking[.]com, Airbnb, and Expedia.
Each fake page looks real, changes based on your booking link, and steals your card details.
See how this massive travel scam works β https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
Each fake page looks real, changes based on your booking link, and steals your card details.
See how this massive travel scam works β https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
β‘18π12π₯6π€5π1
β οΈ Hackers are actively exploiting a Fortinet FortiWeb bug that lets them skip login and make admin accounts.
Fortinet quietly fixed it in v8.0.2 β no CVE, no warning.
If you havenβt patched yet, your device might already be hit.
Learn more here β https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
Fortinet quietly fixed it in v8.0.2 β no CVE, no warning.
If you havenβt patched yet, your device might already be hit.
Learn more here β https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
π12π3π€―2π1
π¨ Securing one browser isnβt enough.
Malicious extensions now move between Chrome, Edge, and AI browsers like Atlas and Comet. AI helps them learn and adapt fast.
See how cross-browser attacks really work β https://thehackernews.com/expert-insights/2025/11/beyond-chrome-risks-of-malicious.html
Malicious extensions now move between Chrome, Edge, and AI browsers like Atlas and Comet. AI helps them learn and adapt fast.
See how cross-browser attacks really work β https://thehackernews.com/expert-insights/2025/11/beyond-chrome-risks-of-malicious.html
π8π€―1
Chinaβs hackers used Anthropicβs AI to run cyber attacks β almost fully on its own.
They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.
AI did about 90% of the work by itself.
Learn more β https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.
AI did about 90% of the work by itself.
Learn more β https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
π15π2β‘1π₯1
Ransomware is breaking records again.
In Q3 2025, researchers found 85 active ransomware groups β more than ever before. Police took some down, but 14 new ones popped up right after.
Now LockBit 5.0 is back, and it could pull them all together again.
Read the full report β https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
In Q3 2025, researchers found 85 active ransomware groups β more than ever before. Police took some down, but 14 new ones popped up right after.
Now LockBit 5.0 is back, and it could pull them all together again.
Read the full report β https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
β‘10π7π2π₯1
π Iranβs APT42 hackers are now targeting defense officials and their families.
They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.
Itβs active and still spreading.
Details here β https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html
They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.
Itβs active and still spreading.
Details here β https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html
π13π₯8π±2π1
π΅οΈββοΈ How many AI assets are running in your organization right now?
If you canβt answer that, youβre not alone.
From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.
Join this live webinar to learn:
- How to discover and catalog AI assets you didnβt know existed
- Why AI inventory is the foundation for effective AI security and governance
π https://thn.news/building-ai-inventory
If you canβt answer that, youβre not alone.
From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.
Join this live webinar to learn:
- How to discover and catalog AI assets you didnβt know existed
- Why AI inventory is the foundation for effective AI security and governance
π https://thn.news/building-ai-inventory
π4
π¨ Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug.
It lets attackers run code on remote systems β all because of a reused unsafe pattern in ZeroMQ and Python pickle.
Some systems are still not fixed.
Read the full story β https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html
It lets attackers run code on remote systems β all because of a reused unsafe pattern in ZeroMQ and Python pickle.
Some systems are still not fixed.
Read the full story β https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html
π9
π¨ North Korean hackers have a new trick.
Theyβre hiding malware inside fake API keys on GitHub β using JSON Keeper and other legit tools to stay invisible.
The attack installs βBeaverTailβ to steal data and drop a Python backdoor.
See how it works β https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html
Theyβre hiding malware inside fake API keys on GitHub β using JSON Keeper and other legit tools to stay invisible.
The attack installs βBeaverTailβ to steal data and drop a Python backdoor.
See how it works β https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html
β‘8π€8π±4π2
π Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) β a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests.
CISA added it to KEV β deadline: Nov 21.
Exploited in the wild.
Patch now β€΅οΈ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
CISA added it to KEV β deadline: Nov 21.
Exploited in the wild.
Patch now β€΅οΈ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
π₯13π€―3β‘1π1
The U.S. just uncovered how North Korea used fake βremote IT jobsβ to sneak millions past sanctions.
π€ 5 Americans pleaded guilty
π’ 136 U.S. companies hit
π° $2.2M sent to North Korea
Read the details β https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html
π€ 5 Americans pleaded guilty
π’ 136 U.S. companies hit
π° $2.2M sent to North Korea
Read the details β https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html
π22π€―7π±5π₯2π1
π¨ A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8).
Hackers are using it to spread crypto miners and DDoS tools.
Learn more β https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html
Hackers are using it to spread crypto miners and DDoS tools.
Learn more β https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html
π11
π¨ Big win for Android security.
Google says Rust cut memory bugs by 1000x β and made coding faster too.
Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in βunsafeβ Rust couldnβt get through.
Learn more β https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
Google says Rust cut memory bugs by 1000x β and made coding faster too.
Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in βunsafeβ Rust couldnβt get through.
Learn more β https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
π€17π9π₯8π2
π¨ Hackers are using fake Chrome and Teams apps to spread a new virus. Itβs called RONINGLOADER, and it installs a changed version of Gh0st RAT.
π¬ It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.
Read the full story β https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html
π¬ It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.
Read the full story β https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html
π9π₯6
π¨ 1 in 3 phishing attacks no longer come from email.
Theyβre sliding into LinkedIn DMsβimpersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.
The worst part? Security teams canβt even see it happening.
Find out how it works β https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html
Theyβre sliding into LinkedIn DMsβimpersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.
The worst part? Security teams canβt even see it happening.
Find out how it works β https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html
β‘10π€6π3π2
π‘οΈ Missed the latest threats? Cyber moves fast β catch up faster.
β‘ Fortinet flaw exploited
π€ Chinaβs AI-driven ops
π PhaaS shutdown
π° Fake crypto apps
π¦ Supply chain abuse
π All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html
β‘ Fortinet flaw exploited
π€ Chinaβs AI-driven ops
π PhaaS shutdown
π° Fake crypto apps
π¦ Supply chain abuse
π All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html
π₯10π3π3π€―3
β‘ Hackers are using fake reCAPTCHA pop-ups to install Amatera Stealer β malware that steals crypto, passwords, and messages.
It hides inside Windows files and skips computers with nothing valuable.
Full details β https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html
It hides inside Windows files and skips computers with nothing valuable.
Full details β https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html
π32π₯9π8π3
π΄ Google confirms new Chrome zero-day under attack.
The flaw β CVE-2025-13223 β lets hackers run code through a crafted web page.
Itβs the third V8 exploit this year, and itβs already being used in the wild.
Patch now β https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
The flaw β CVE-2025-13223 β lets hackers run code through a crafted web page.
Itβs the third V8 exploit this year, and itβs already being used in the wild.
Patch now β https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
π±19π₯11π4π4π2
π₯ Microsoft stopped the biggest DDoS attack ever seen in the cloud β 5.72 Tbps from over 500,000 hacked routers and cameras.
The attack came from an IoT botnet called AISURU.
The devices are still infected β and could strike again.
Read here β https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html
The attack came from an IoT botnet called AISURU.
The devices are still infected β and could strike again.
Read here β https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html
π29π6π5