⚠️ Seven npm packages were caught hiding crypto scams.

They used a cloaking tool called Adspect to dodge detection — even blocking dev tools to stay invisible.

Learn more ↓ https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html

Dev teams often waste valuable time and effort sifting through vulnerabilities… just to determine if a container is safe.

ActiveState’s new Secure Container Image Catalog simplifies how teams find, compare, and pull secure containers.

The growing catalog, which offers free container images for languages like Python and Java, provides:

🔹 Real-time vulnerability insights and VEX advisories
🔹 Full SBOMs and component details for complete transparency
🔹 Reliable architecture and compatibility data
🔹 The ability to directly compare and pull secure images

Check out the catalog to simplify your container image selection: https://thn.news/state-images

🤖 Most cyberattacks don’t start with hackers — they start with machine accounts.

Non-human identities now outnumber people 50 to 1, and most orgs still can’t see or secure them.

A new approach called Identity Security Fabric fixes that.

Read how it works ↓ https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html

Iran’s UNC1549 hackers hit defense networks without even touching them.

They broke in through third-party Citrix and Azure accounts and dropped backdoors — TWOSTROKE and DEEPROOT — that can sit quiet for months.

They’re now active across the Middle East’s aerospace supply chain.

Read this latest report ↓ https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html

🏠 A U.S. real-estate giant was nearly hacked — through a fake Microsoft Teams chat.

Attackers used Tuoni, a free red-team tool from GitHub, to run hidden code straight in memory.
Even the script showed signs of AI-written code.

How ethical hacking tools are turning against us → https://thehackernews.com/2025/11/researchers-detail-tuoni-c2s-role-in.html

☁️ Your cloud might already be wide open.

One weak access rule can expose everything — data, customers, compliance.

Join our free WEBINAR with CyberArk experts to learn simple ways to close those gaps fast & keep your data safe.

Save your spot now → https://thehackernews.com/2025/11/learn-how-leading-companies-secure.html

Meta just expanded WhatsApp’s security research.

🔹 New “Research Proxy” tool lets experts dig deeper
🔹$4M paid to bug hunters this year

Big money. Bigger stakes.

Read here ↓ https://thehackernews.com/2025/11/meta-expands-whatsapp-security-research.html

🚨 Hackers just upgraded their phishing game. A fake Microsoft login now looks 100% real — even showing a real URL and CAPTCHA check.

It’s part of a new “Sneaky 2FA” phishing kit that lets anyone steal accounts without real skills.

Even pros are getting tricked.

Here’s how it works ↓ https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html

Fortinet has confirmed a new FortiWeb flaw — CVE-2025-58034 — already exploited in the wild.

It lets authenticated attackers execute OS commands via crafted requests.

Full story ↓ https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html

We say “trust but verify.”

In SaaS, most teams trust once—and never verify again. Old tokens stay valid. Apps keep broad access.

That’s how attackers move in quietly.

Gal Nakash explains why Zero Trust fails in practice and what to fix ↓ https://thehackernews.com/expert-insights/2025/11/the-problem-with-trust-but-verify-is.html

🚨 Hackers turned software updates into malware.

ESET found a China-linked group called PlushDaemon using a tool named EdgeStepper to hijack internet routers and reroute updates straight to fake servers.

So that “safe update”? It could install spyware instead.

Full story ↓ https://thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html

🚨 New exploit found in ServiceNow’s Now Assist AI platform.

Researchers showed one AI agent could recruit others to steal data and send emails — even with protections enabled.

Misconfigurations, not models, opened the door.

How it happened ↓ https://thehackernews.com/2025/11/servicenow-ai-agents-can-be-tricked.html

🕵️‍♂️ How many AI assets are running in your organization right now? If you can’t answer that, you’re not alone.

From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.

Tomorrow! Join this live webinar to learn:
🔹 How to discover and catalog AI assets you didn’t know existed
🔹 Why AI inventory is the foundation for effective AI security and governance

👉 https://thn.news/guide-ai-inventory

⚠️ Hackers just took over tens of thousands of old ASUS routers around the world.

They used six known bugs to build a massive hidden network — still active right now. Each router even shares a weird 100-year security certificate.

Full story → https://thehackernews.com/2025/11/wrthug-exploits-six-asus-wrt-flaws-to.html

Hackers are using trusted apps to attack.

ThreatLocker’s Ringfencing™ stops them — blocking PowerShell, macros, and other risky actions before they spread.

Learn how it works → https://thehackernews.com/2025/11/application-containment-how-to-use.html

☁️ Your cloud is growing faster than your security.
🔐 One stolen login could bring it all down.

Join the LIVE session next week and learn how top teams lock it down — without slowing down devs.

👉 Save your spot now → https://thehacker.news/securing-cloud-workloads

🚨 A new WhatsApp worm is spreading fast in Brazil.

It hijacks chats, sends fake messages to all your contacts, and installs a program that steals bank and crypto logins.

... and it updates itself through an email inbox to stay hidden.

Read here ↓ https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html

⚠️ Hackers are exploiting a new 7-Zip flaw right now.

A simple ZIP file can break into Windows through a hidden link trick.

The bug’s been patched — but many still haven’t updated.

Details here (CVE-2025-11001) ↓ https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html

🚨 Hackers are running fake ads for popular apps — and they look 100% real.

Click one, and you install TamperedChef, a backdoor that lets attackers control your computer.

Experts say it’s still spreading.

Read here → https://thehackernews.com/2025/11/tamperedchef-malware-spreads-via-fake.html

⚡ Iranian hackers helped aim real missiles.

They broke into ship tracking systems and live cameras — then the ships got attacked days later.

Amazon says this marks a new kind of war: where hacking meets real-world strikes.

More on how it happened ↓ https://thehackernews.com/2025/11/iran-linked-hackers-mapped-ship-ais.html

🔒 New Android malware can read your private chats — even on Signal, WhatsApp, and Telegram.

It records your screen after messages are decrypted, stealing passwords and banking logins.

It even fakes system updates to hide what it’s doing.

Full story ↓ https://thehackernews.com/2025/11/new-sturnus-android-trojan-quietly.html