New cyber rules mean every breach test counts. Most teams still run them in Excel.

At Georgetown, gain the tactical skills to plan for and respond to information security threats.

Attend our Nov. 19 webinar → https://thn.news/cyber-risk-webinar-in

🚨 Cisco warns hackers are targeting unpatched Secure Firewall ASA & FTD devices with a new attack variant exploiting two flaws — CVE-2025-20333 and CVE-2025-20362.

The attacks can crash devices (DoS) or let attackers run code as root.

Details here ↓ https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html

⚠️ A Russia-linked group posed as ESET to hack Ukrainian organizations.

They sent fake ESET installers that looked real — but quietly installed a backdoor using the Tor network.

Experts call the group InedibleOchotense, tied to Sandworm.

Full story → https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html

Redis added an AI agent (Prophet Security) to its SOC, working alongside their MDR team.

The result: investigations that took hours now take about 10 minutes.

AI handles the routine alerts so humans can focus on real threats.

Here’s what actually worked ↓ https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html

A fake VS Code extension made with AI just showed up on the Marketplace.

It ran ransomware on install — zipping, encrypting, and uploading files, all by itself.

Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.

Here’s what happened and how it worked ↓ https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html

ChatGPT just helped researchers crack XLoader malware in hours — work that used to take days.

AI unpacked the code, found keys, and exposed C2 domains. Big shift for malware analysis.

Check this story ↓ https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#ai-speeds-triage-but-human-skill-still-needed

Google just launched a new form to report extortion scams on Google Maps.

Scammers are posting fake 1⭐ reviews, then asking business owners to pay up to remove them.

This new tool is meant to stop the surge in “review bombing” hitting small businesses.

Read how it works ↓ https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html

Your company's logins could be on the dark web right now, and they could sell for as little as $15.

It only takes one click for hackers to walk right in.

Find out if your company’s credentials are exposed → https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html

🚨 WARNING: Malicious NuGet packages were caught hiding delayed payloads—set to fire off years from now, in 2027–2028.

They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCs—crashing processes or corrupting writes after a short delay.

Nearly 10K downloads before anyone noticed.

Here’s what’s really going on ↓ https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html

Chinese hackers used old bugs like Log4j and Struts to break into U.S. policy networks.

Then they hid using msbuild.exe and a fake system task to stay inside.

Old tricks. New targets.

Read the details ↓ https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html

A single image file could hijack Galaxy phones.

Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec (CVE-2025-21042).

The implant — called LANDFALL — gave full spyware access.

Full report → https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html

Attackers are now using your cloud tools against you.

Fortinet uncovered a new campaign where stolen AWS credentials were used to run quiet recon and launch fraud from inside trusted environments.

No malware. No noise. Just normal-looking API traffic doing damage.

Read this story → https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#researchers-uncover-large-scale-aws-abuse-network

🔥 Wild find from Microsoft.

Even when your AI chats are encrypted, someone watching the network can still guess what you’re talking about.

They call it "Whisper Leak" side-channel attack.

And in tests, models like OpenAI and Mistral gave away topics with 98% accuracy.

Worth your attention ↓ https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html

🚨 Three VS Code extensions — downloaded over 10,000 times — turned out to be part of a revived GlassWorm attack.

And... it spreads on its own. One infected developer can quietly compromise an entire team.

They're stealing credentials for GitHub, VSX, and crypto wallets while hiding in plain sight with invisible Unicode characters.

Read the whole story ↓ https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html

⚠️ Hackers are posing as Booking[.]com to target hotels.

Fake “security” emails trick managers into running a PowerShell script that installs PureRAT — giving full access to hotel systems.

Stolen logins and card data are being sold online.

More information here → https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html

Everyone’s building with AI in the cloud.

Few are thinking about how to actually secure it.

#NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next.

Worth a watch →

Last week in cyber was wild.

🔒 Malware hiding in VMs
🤖 AI chats leaking through encrypted traffic
📱 Spyware on flagship Androids
💣 Logic bombs set to go off years later
🕵️‍♂️ Fake AI bots, deepfakes, and more...

You can’t afford to miss this recap: https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html

77% of employees paste sensitive data into GenAI tools.
Most use personal accounts, so IT can’t see it.

It’s all happening in the browser — and old DLP tools miss it completely.

The browser just became the biggest data leak in the enterprise ↓ https://thehackernews.com/2025/11/new-browser-security-report-reveals.html

North Korea’s Konni group just pulled off something wild — they turned Google’s own Find Hub into a weapon.

By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.

It all started with a fake “Stress Clear” app, signed with a real Chinese company’s certificate.

Full story ↓ https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html

🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).

They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.

Read ↓ https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html