π¨ A Chrome extension is stealing crypto.
βCrypto Copilotβ looks like a trading tool for X β but it secretly adds a hidden Solana transfer and sends your money to a hackerβs wallet.
Itβs still live on the Chrome Web Store.
Full story β https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html
βCrypto Copilotβ looks like a trading tool for X β but it secretly adds a hidden Solana transfer and sends your money to a hackerβs wallet.
Itβs still live on the Chrome Web Store.
Full story β https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html
π6π5π±1
β οΈ Hackers love community update tools.
Why? Because anyone can upload a package.
One bad update = hacked systems.
π Join our free live webinar with Action1 CTO Gene Moody β see how to patch safely without slowing down.
Save your spot β https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html
Why? Because anyone can upload a package.
One bad update = hacked systems.
π Join our free live webinar with Action1 CTO Gene Moody β see how to patch safely without slowing down.
Save your spot β https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html
π5
Media is too big
VIEW IN TELEGRAM
π€ We talk a lot about securing AI.
Almost no one talks about where itβs actually hiding.
NetworkChuck just dropped a video with Wiz, showing how theyβre finding hidden AI risksββshadow AIββbefore attackers do. Itβs a smart look at where cloud security is headed next.
πSee Wiz in Action β https://thn.news/cloud-security-demo
Almost no one talks about where itβs actually hiding.
NetworkChuck just dropped a video with Wiz, showing how theyβre finding hidden AI risksββshadow AIββbefore attackers do. Itβs a smart look at where cloud security is headed next.
πSee Wiz in Action β https://thn.news/cloud-security-demo
π13π8π₯3
π₯ Hackers hit South Koreaβs banks through one IT vendor β spreading Qilin ransomware to 28 firms and stealing 2 TB of data.
Evidence suggests Russian and North Korean groups worked together.
Full story β https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html
Evidence suggests Russian and North Korean groups worked together.
Full story β https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html
π€―20π₯8π±6π3
β οΈ Eight βadvancedβ tools failed at once.
A phishing attack slipped past all of them and reached exec inboxes. Only one thing stopped it β a strong SOC.
π Learn why your βfirst lineβ is useless without the last β https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html
A phishing attack slipped past all of them and reached exec inboxes. Only one thing stopped it β a strong SOC.
π Learn why your βfirst lineβ is useless without the last β https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html
π12
β οΈ Hundreds of Maven packages just got caught running Shai-Hulud v2 β the same malware that hijacked npm.
It spread through automated rebuilds, infecting devs who never used npm.
Hiding in the Bun runtime, it steals GitHub + cloud creds and self-replicates like a worm β already leaking 11,000+ secrets across 4,600 repos.
Details here β https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html
It spread through automated rebuilds, infecting devs who never used npm.
Hiding in the Bun runtime, it steals GitHub + cloud creds and self-replicates like a worm β already leaking 11,000+ secrets across 4,600 repos.
Details here β https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html
π11π₯6
π Gainsight just revealed more customers were affected than originally disclosed.
Salesforce revoked all Gainsight access tokens after the breach tied to ShinyHunters β and the same user-agent from prior Salesloft attacks popped up again.
The full scope remains unknown.
Read here β https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html
Salesforce revoked all Gainsight access tokens after the breach tied to ShinyHunters β and the same user-agent from prior Salesloft attacks popped up again.
The full scope remains unknown.
Read here β https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html
π±6π5
π¨ New ThreatsDay Bulletin is live!
π€ AI malware that learns your habits
π Voice bots turned into attack tools
πΈ Crypto rings laundering billions
π IoT gear under siege again
π Smishing scams spreading worldwide
All that and 20+ more stories shaping the week in cybersecurity.
π Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html
π€ AI malware that learns your habits
π Voice bots turned into attack tools
πΈ Crypto rings laundering billions
π IoT gear under siege again
π Smishing scams spreading worldwide
All that and 20+ more stories shaping the week in cybersecurity.
π Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html
π₯7π€5
Microsoft will block all non-Microsoft scripts on Entra ID logins starting Oct 2026.
If your sign-in flow or browser extension injects any code, it may break β so test ASAP.
The new Content Security Policy only lets trusted Microsoft-hosted scripts.
Read more β https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html
If your sign-in flow or browser extension injects any code, it may break β so test ASAP.
The new Content Security Policy only lets trusted Microsoft-hosted scripts.
Read more β https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html
π€12π8π2
Hackers posing as Kyrgyzstanβs Justice Ministry are spreading 2013-era NetSupport RAT across Kyrgyzstan and Uzbekistan using fake PDFs and old Java tricksβblocking outsiders to hide the attack.
Old tools. New victims. β https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html
Old tools. New victims. β https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html
π₯19π4π4π1
VPNs werenβt built for todayβs hybrid networks. Hackers now exploit them as entry points to steal admin creds.
Remote Privileged Access Management (RPAM) closes that gap β no VPNs, no shared passwords, full session tracking.
Why itβs replacing PAM β https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
Remote Privileged Access Management (RPAM) closes that gap β no VPNs, no shared passwords, full session tracking.
Why itβs replacing PAM β https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html
π₯14π€―5π3π1
π¨ North Korean hackers uploaded 197 malicious npm packages (31K+ downloads).
They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots β all from a fake job interview setup.
Details here β https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots β all from a fake job interview setup.
Details here β https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
π7π±4π₯3π2
β οΈ Researchers found old Python code that could expose projects to a supply chain attack.
Some PyPI packages β including Tornado and slapos.core β still call an expired domain that anyone could buy and use to run malicious code.
Details β https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
Some PyPI packages β including Tornado and slapos.core β still call an expired domain that anyone could buy and use to run malicious code.
Details β https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
π₯7