π¨ Fluent Bit β deployed over 15 Billion times β just got hit with 5 critical CVEs.
Attackers can exploit them to run code, rewrite or delete logs, and fake telemetry across AWS, GCP & Azure.
Some of these bugs have been in Fluent Bit for over 8 years.
More details β https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html
Attackers can exploit them to run code, rewrite or delete logs, and fake telemetry across AWS, GCP & Azure.
Some of these bugs have been in Fluent Bit for over 8 years.
More details β https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html
π13π₯3π€―2π1
π State-linked hackers are hijacking Signal, WhatsApp, and Telegram accounts using spyware disguised as real apps β some use zero-click bugs on iPhones and Androids.
Targets include diplomats and officials across the U.S., Europe, and the Middle East.
Read the full report β https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html
Targets include diplomats and officials across the U.S., Europe, and the Middle East.
Read the full report β https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html
π€―14π6π₯3β‘1
Most insider threat tools still expose personal data during monitoring.
That means even your βsecureβ session recordings may violate GDPR or HIPAA β without you realizing it.
Ani Khachatryan, CTO at Syteca, explains how real-time data masking can preserve visibility without breaching privacy.
Learn more β https://thehackernews.com/expert-insights/2025/11/smarter-access-better-protected-data.html
That means even your βsecureβ session recordings may violate GDPR or HIPAA β without you realizing it.
Ani Khachatryan, CTO at Syteca, explains how real-time data masking can preserve visibility without breaching privacy.
Learn more β https://thehackernews.com/expert-insights/2025/11/smarter-access-better-protected-data.html
β‘4π4π₯1
Hackers are weaponizing Blender files.
Malicious .blend projects uploaded to CGTrader run hidden Python scripts that install StealC V2 β a stealer able to grab data from 23 browsers, 15 crypto wallets, VPNs, and email clients.
Itβs been active for at least 6 months.
Keep Auto Run off. Read here β https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html
Malicious .blend projects uploaded to CGTrader run hidden Python scripts that install StealC V2 β a stealer able to grab data from 23 browsers, 15 crypto wallets, VPNs, and email clients.
Itβs been active for at least 6 months.
Keep Auto Run off. Read here β https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html
π±7π€―4π2
π¨ Hackers known as "ToddyCat" found a new way to steal #Outlook emails.
Their tool TCSectorCopy skips Outlook locks and copies mail files straight from the disk β no network use, no alerts.
They also use TomBerBil and SharpTokenFinder to steal OAuth and #Microsoft365 tokens.
More details here β https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html
Their tool TCSectorCopy skips Outlook locks and copies mail files straight from the disk β no network use, no alerts.
They also use TomBerBil and SharpTokenFinder to steal OAuth and #Microsoft365 tokens.
More details here β https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html
π₯8π€―3β‘2π1π±1
In 2026, hackers will use AI as their main weapon.
Theyβll use it to run scams, copy people, and trick systems fast. Many security tools canβt spot it.
ANYRUN built a sandbox that clicks and tests like a real person to find these attacks.
Learn about it here β https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html
Theyβll use it to run scams, copy people, and trick systems fast. Many security tools canβt spot it.
ANYRUN built a sandbox that clicks and tests like a real person to find these attacks.
Learn about it here β https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html
π₯14π5π4π€1
1 in 5 DevOps, Security, Product, and Developer professionals say vulnerable and outdated components are their biggest security concern.
If youβre building or running container-based systems, this is your cue to pause and ask: Do you know which container images are hardened, which ones still carry drift, and how youβll prove theyβre safe before they hit production?
This checklist is designed for teams to consistently build hardened, trustworthy containers by covering four key areas: base image selection, application-dependency management, minimization & hardening, and signing/verification.
π Download the checklist here: https://thn.news/container-checklist
If youβre building or running container-based systems, this is your cue to pause and ask: Do you know which container images are hardened, which ones still carry drift, and how youβll prove theyβre safe before they hit production?
This checklist is designed for teams to consistently build hardened, trustworthy containers by covering four key areas: base image selection, application-dependency management, minimization & hardening, and signing/verification.
π Download the checklist here: https://thn.news/container-checklist
π8
π¨ Hackers built fake adult sites that show a fake Windows update.
It tells you to copy and paste a βfixβ β but that command secretly installs up to 8 programs that steal passwords and data.
Researchers call it JackFix, part of the ClickFix trend now behind nearly half of all breaches.
Details β https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html
It tells you to copy and paste a βfixβ β but that command secretly installs up to 8 programs that steal passwords and data.
Researchers call it JackFix, part of the ClickFix trend now behind nearly half of all breaches.
Details β https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html
π26π8π€―7
π¨ WARNING: Over 80,000 files with passwords and keys from governments, banks, and tech firms were found online β all pasted into public code tools like JSONFormatter and CodeBeautify.
Hackers are already scraping and using the data.
And yes β itβs still live.
Details here β https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html
Hackers are already scraping and using the data.
And yes β itβs still live.
Details here β https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html
π15π€11π€―9π₯5π2
π¨ FBI ALERT: Scammers are posing as banks to steal logins β causing $262M in losses this year.
Now theyβre using AI to create fake Black Friday sites and ads that look real.
They trick people into handing over passwords and money.
Learn more β https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html
Now theyβre using AI to create fake Black Friday sites and ads that look real.
They trick people into handing over passwords and money.
Learn more β https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html
π€―6π4π₯2
Russiaβs GRU tried a new way to spread RomCom malware.
For the first time, they used SocGholish β fake browser update malware β to target a U.S. engineering firm linked to Ukraine.
The attack went from click to malware in under 30 minutes.
Read the latest report β https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html
For the first time, they used SocGholish β fake browser update malware β to target a U.S. engineering firm linked to Ukraine.
The attack went from click to malware in under 30 minutes.
Read the latest report β https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html
π₯10π1
π¨ A Chrome extension is stealing crypto.
βCrypto Copilotβ looks like a trading tool for X β but it secretly adds a hidden Solana transfer and sends your money to a hackerβs wallet.
Itβs still live on the Chrome Web Store.
Full story β https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html
βCrypto Copilotβ looks like a trading tool for X β but it secretly adds a hidden Solana transfer and sends your money to a hackerβs wallet.
Itβs still live on the Chrome Web Store.
Full story β https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html
β οΈ Hackers love community update tools.
Why? Because anyone can upload a package.
One bad update = hacked systems.
π Join our free live webinar with Action1 CTO Gene Moody β see how to patch safely without slowing down.
Save your spot β https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html
Why? Because anyone can upload a package.
One bad update = hacked systems.
π Join our free live webinar with Action1 CTO Gene Moody β see how to patch safely without slowing down.
Save your spot β https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html