The Hacker News
⭐ Official THN Telegram Channel β€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

πŸ“¨ Contact: [email protected]

🌐 Website: https://thehackernews.com
Hackers are using trusted apps to attack.

ThreatLocker’s Ringfencing™ stops them — blocking PowerShell, macros, and other risky actions before they spread.

Learn how it works → https://thehackernews.com/2025/11/application-containment-how-to-use.html
☁️ Your cloud is growing faster than your security.
πŸ” One stolen login could bring it all down.

Join the LIVE session next week and learn how top teams lock it down β€” without slowing down devs.

πŸ‘‰ Save your spot now β†’ https://thehacker.news/securing-cloud-workloads
⚑11
🚨 A new WhatsApp worm is spreading fast in Brazil.

It hijacks chats, sends fake messages to all your contacts, and installs a program that steals bank and crypto logins.

... and it updates itself through an email inbox to stay hidden.

Read here ↓ https://thehackernews.com/2025/11/python-based-whatsapp-worm-spreads.html
🀯14😁9πŸ”₯7😱3⚑1
⚠️ Hackers are exploiting a new 7-Zip flaw right now.

A simple ZIP file can break into Windows through a hidden link trick.

The bug’s been patched β€” but many still haven’t updated.

Details here (CVE-2025-11001) ↓ https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html
🚨 Hackers are running fake ads for popular apps β€” and they look 100% real.

Click one, and you install TamperedChef, a backdoor that lets attackers control your computer.

Experts say it’s still spreading.

Read here β†’ https://thehackernews.com/2025/11/tamperedchef-malware-spreads-via-fake.html
⚑ Iranian hackers helped aim real missiles.

They broke into ship tracking systems and live cameras β€” then the ships got attacked days later.

Amazon says this marks a new kind of war: where hacking meets real-world strikes.

More on how it happened ↓ https://thehackernews.com/2025/11/iran-linked-hackers-mapped-ship-ais.html
🔒 New Android malware can read your private chats — even on Signal, WhatsApp, and Telegram.

It records your screen after messages are decrypted, stealing passwords and banking logins.

It even fakes system updates to hide what it’s doing.

Full story ↓ https://thehackernews.com/2025/11/new-sturnus-android-trojan-quietly.html
This week's ThreatsDay looks at big cyber news from around the world:

🔹 Russian hackers got arrested
🔹 Chinese spies are using LinkedIn to find secrets
🔹 People caught washing dirty money with crypto
🔹 New hidden bugs found in phones, computers, and smart home gadgets
🔹 ... and many more.

Zero-day attacks • Spying • Crypto crime • Bugs in everyday devices • Moving malware

Read all critical stories here → https://thehackernews.com/2025/11/threatsday-bulletin-0-days-linkedin.html
JSGuLdr: Multi-Stage Loader Delivering PhantomStealer

#ANYRUN researchers identified #JSGuLdr, a multi-stage JavaScript-to-PowerShell loader used to deliver #PhantomStealer. A JScript file triggers PowerShell through an Explorer COM call, pulls the second stage from %APPDATA%\Registreri62, then uses Net.WebClient to fetch an encrypted payload from Google Drive into %APPDATA%\Autorise131[.]Tel. The payload is decoded in memory and loaded, with PhantomStealer injected into msiexec.exe.

Execution chain: wscript.exe ➡️ explorer.exe (svchost.exe) ➡️ explorer.exe (COM) ➡️ powershell.exe ➡️ msiexec.exe

👉 See analysis session: https://app.any.run/tasks/7b295f6f-5f16-4a44-a02b-5d59fd4b1e8f?utm_source=tg_thehackernews&utm_medium=post&utm_campaign=techpost&utm_content=task&utm_term=201125

👉 Read full analysis: https://t.iss.one/anyrun_app/698
⚑7πŸ‘3πŸ‘1
WhatsApp accounts are being hijacked worldwide via fake WhatsApp Web pages that mimic the official interface exactly — including auto-detected language and country flag.

You scan QR or type code → they take your account → message your friends for money + steal everything.

Check the new CTM360 report – see exactly how the fake pages look and how to stay safe ↓ https://thehackernews.com/2025/11/ctm360-exposes-global-whatsapp.html
😁12🀯4πŸ‘2πŸ‘1
Hackers made a new botnet called Tsundere — it’s spreading through fake game downloads like Valorant and CS2.

It hides its servers on the Ethereum blockchain, making it almost impossible to shut down.

Researchers say it’s still active.

Read more ↓ https://thehackernews.com/2025/11/tsundere-botnet-expands-using-game.html
😱17⚑5πŸ‘2
🚨 Hackers are exploiting a 2-year-old authentication flaw (CVE-2023-48022) in the Ray AI framework to take over NVIDIA GPU clusters and run a self-spreading crypto-mining botnet called ShadowRay 2.0.

The bug remains unpatched by design, and over 230,000 Ray servers are exposed online.

Read about it here ↓ https://thehackernews.com/2025/11/shadowray-20-exploits-unpatched-ray.html
🚨 ThreatsDay Bulletin β€” The EU wants to rewrite its privacy rules.

New proposal would let companies use personal data to train AI without consent, if done for β€œlegitimate interest.”

Critics say it’s a major rollback of GDPR and a win for Big Tech.

Read more ↓ https://thehackernews.com/2025/11/threatsday-bulletin-0-days-linkedin.html#eu-rewires-privacy-playbook
😱11πŸ‘4🀯4
🚨 Salesforce found unusual activity in Gainsight apps and cut off their access.

Hackers linked to ShinyHunters may have used those apps to steal Salesforce data from nearly 1,000 companies.

Gainsight was also hit in a similar attack earlier this year.

Full story ↓ https://thehackernews.com/2025/11/salesforce-flags-unauthorized-data.html
⚖️ The SEC just ended its case against SolarWinds — the company hit by the big 2020 hack.

After two years of blaming its security chief, the case was quietly dropped.

Now many wonder if anyone will be held responsible next time ↓ https://thehackernews.com/2025/11/sec-drops-solarwinds-case-after-years.html
😁9πŸ‘3πŸ”₯3πŸ‘1
⚠️ A hacking group linked to China just pulled a big one.

They used a marketing firm’s code to infect 1,000+ websites with a fake πŸ”” Chrome update.

Click it β€” and you get BADAUDIO, new malware made to spy for months.

Full story ↓ https://thehackernews.com/2025/11/apt24-deploys-badaudio-in-years-long.html
Every phone could be a way in for hackers.

Samsung Galaxy devices check their security before they connect to your network.

That means real Zero Trust—built into the device itself.

Read ↓ https://thehackernews.com/2025/11/why-it-admins-choose-samsung-for-mobile.html
🚨 Google just made Android and iPhone share files directly using Quick Share and AirDrop.

It’s built in Rust for stronger security, and a small info leak found in testing is already fixed.

Full details ↓ https://thehackernews.com/2025/11/google-adds-airdrop-compatibility-to.html
🚨 Grafana fixed a major security bug (CVSS 10.0) that could let attackers sign in as admin users.

It affects Grafana Enterprise 12.0.0–12.2.1 if SCIM provisioning is turned on β€” a number like β€œ1” could trick the system into giving admin access.

Update now to stay safe. Read more ↓ https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html
🚨 CISA warns Oracle Identity Manager flaw (CVE-2025-61757) is under active attack.

Hackers can run code without login by adding ?WSDL or ;.wadl to URLs β€” a tiny trick that opens locked systems.

Exploited since August. Patch by Dec 12.

Full details ↓ https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html
🚨 Hackers found a new way to phish β€” through browser notifications.

A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal, Netflix, or TikTok.

No downloads. No malware file. Just one click β€” and your data’s theirs.

Learn more ↓ https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html