New Iranian threat actor identified – UNK_SmudgedSerpent.

From June to August, they tricked U.S. academics with fake Microsoft Teams invites that secretly installed remote access tools.

Read on ↓ https://thehackernews.com/2025/11/mysterious-smudgedserpent-hackers.html

⚠️ Researchers have found 7 new ways to hack ChatGPT (GPT-4o and GPT-5), including zero-click attacks that can steal chat history and even poison your AI's memory.

OpenAI fixed some of them... but not all of them.

Details here → https://thehackernews.com/2025/11/researchers-find-chatgpt.html

⚡ Google spotted malware that uses Gemini AI to rewrite its own code.

It’s called PROMPTFLUX — a simple script that asks Gemini for new ways to hide from antivirus tools.

More information ↓ https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html

SonicWall just confirmed the September breach was done by a state-backed hacker group.

They got in through one API call and accessed firewall backups — no ransom, just quiet data theft.

Here’s what happened ↓ https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html

⚡ Hackers turned Windows against itself.

Curly COMrades is using Microsoft's Hyper-V to run small Linux virtual machines inside Windows 10.

This is a sneaky way to get their malware past EDR tools.

Read the whole story ↓ https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html

Over 600 companies say they offer MDR.
Gartner’s new report shows only a few truly deliver.

It also highlights a big gap — most rely too much on automation, not enough on real human response.

Worth a read → https://thehackernews.com/2025/11/bitdefender-named-representative-vendor.html

🛡️ ThreatsDay Bulletin is out!

🔹 Cyber threats are getting personal.
🔹 AI helps stop attacks — but it’s also powering them.
🔹 Botnets, fake apps, and scams are growing fast.

Here’s what’s really happening this week in cyber → https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html

New cyber rules mean every breach test counts. Most teams still run them in Excel.

At Georgetown, gain the tactical skills to plan for and respond to information security threats.

Attend our Nov. 19 webinar → https://thn.news/cyber-risk-webinar-in

🚨 Cisco warns hackers are targeting unpatched Secure Firewall ASA & FTD devices with a new attack variant exploiting two flaws — CVE-2025-20333 and CVE-2025-20362.

The attacks can crash devices (DoS) or let attackers run code as root.

Details here ↓ https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html

⚠️ A Russia-linked group posed as ESET to hack Ukrainian organizations.

They sent fake ESET installers that looked real — but quietly installed a backdoor using the Tor network.

Experts call the group InedibleOchotense, tied to Sandworm.

Full story → https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html

Redis added an AI agent (Prophet Security) to its SOC, working alongside their MDR team.

The result: investigations that took hours now take about 10 minutes.

AI handles the routine alerts so humans can focus on real threats.

Here’s what actually worked ↓ https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html

A fake VS Code extension made with AI just showed up on the Marketplace.

It ran ransomware on install — zipping, encrypting, and uploading files, all by itself.

Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.

Here’s what happened and how it worked ↓ https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html

ChatGPT just helped researchers crack XLoader malware in hours — work that used to take days.

AI unpacked the code, found keys, and exposed C2 domains. Big shift for malware analysis.

Check this story ↓ https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#ai-speeds-triage-but-human-skill-still-needed

Google just launched a new form to report extortion scams on Google Maps.

Scammers are posting fake 1⭐ reviews, then asking business owners to pay up to remove them.

This new tool is meant to stop the surge in “review bombing” hitting small businesses.

Read how it works ↓ https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html

Your company's logins could be on the dark web right now, and they could sell for as little as $15.

It only takes one click for hackers to walk right in.

Find out if your company’s credentials are exposed → https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html

🚨 WARNING: Malicious NuGet packages were caught hiding delayed payloads—set to fire off years from now, in 2027–2028.

They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCs—crashing processes or corrupting writes after a short delay.

Nearly 10K downloads before anyone noticed.

Here’s what’s really going on ↓ https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html

Chinese hackers used old bugs like Log4j and Struts to break into U.S. policy networks.

Then they hid using msbuild.exe and a fake system task to stay inside.

Old tricks. New targets.

Read the details ↓ https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html

A single image file could hijack Galaxy phones.

Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec (CVE-2025-21042).

The implant — called LANDFALL — gave full spyware access.

Full report → https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html

Attackers are now using your cloud tools against you.

Fortinet uncovered a new campaign where stolen AWS credentials were used to run quiet recon and launch fraud from inside trusted environments.

No malware. No noise. Just normal-looking API traffic doing damage.

Read this story → https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#researchers-uncover-large-scale-aws-abuse-network