π¨ Cisco warns hackers are targeting unpatched Secure Firewall ASA & FTD devices with a new attack variant exploiting two flaws β CVE-2025-20333 and CVE-2025-20362.
The attacks can crash devices (DoS) or let attackers run code as root.
Details here β https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
The attacks can crash devices (DoS) or let attackers run code as root.
Details here β https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
π6π4
β οΈ A Russia-linked group posed as ESET to hack Ukrainian organizations.
They sent fake ESET installers that looked real β but quietly installed a backdoor using the Tor network.
Experts call the group InedibleOchotense, tied to Sandworm.
Full story β https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
They sent fake ESET installers that looked real β but quietly installed a backdoor using the Tor network.
Experts call the group InedibleOchotense, tied to Sandworm.
Full story β https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
π€―8π₯5π4π2
Redis added an AI agent (Prophet Security) to its SOC, working alongside their MDR team.
The result: investigations that took hours now take about 10 minutes.
AI handles the routine alerts so humans can focus on real threats.
Hereβs what actually worked β https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html
The result: investigations that took hours now take about 10 minutes.
AI handles the routine alerts so humans can focus on real threats.
Hereβs what actually worked β https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html
π12π€8π3π₯2
A fake VS Code extension made with AI just showed up on the Marketplace.
It ran ransomware on install β zipping, encrypting, and uploading files, all by itself.
Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.
Hereβs what happened and how it worked β https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html
It ran ransomware on install β zipping, encrypting, and uploading files, all by itself.
Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.
Hereβs what happened and how it worked β https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html
π8π7π4
ChatGPT just helped researchers crack XLoader malware in hours β work that used to take days.
AI unpacked the code, found keys, and exposed C2 domains. Big shift for malware analysis.
Check this story β https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#ai-speeds-triage-but-human-skill-still-needed
AI unpacked the code, found keys, and exposed C2 domains. Big shift for malware analysis.
Check this story β https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#ai-speeds-triage-but-human-skill-still-needed
π₯18π10π5
Google just launched a new form to report extortion scams on Google Maps.
Scammers are posting fake 1β reviews, then asking business owners to pay up to remove them.
This new tool is meant to stop the surge in βreview bombingβ hitting small businesses.
Read how it works β https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html
Scammers are posting fake 1β reviews, then asking business owners to pay up to remove them.
This new tool is meant to stop the surge in βreview bombingβ hitting small businesses.
Read how it works β https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html
π€11π6π₯5π3
Your company's logins could be on the dark web right now, and they could sell for as little as $15.
It only takes one click for hackers to walk right in.
Find out if your companyβs credentials are exposed β https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html
It only takes one click for hackers to walk right in.
Find out if your companyβs credentials are exposed β https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html
π€―5π4
π¨ WARNING: Malicious NuGet packages were caught hiding delayed payloadsβset to fire off years from now, in 2027β2028.
They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCsβcrashing processes or corrupting writes after a short delay.
Nearly 10K downloads before anyone noticed.
Hereβs whatβs really going on β https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html
They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCsβcrashing processes or corrupting writes after a short delay.
Nearly 10K downloads before anyone noticed.
Hereβs whatβs really going on β https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html
π₯12π5π4
Chinese hackers used old bugs like Log4j and Struts to break into U.S. policy networks.
Then they hid using msbuild.exe and a fake system task to stay inside.
Old tricks. New targets.
Read the details β https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html
Then they hid using msbuild.exe and a fake system task to stay inside.
Old tricks. New targets.
Read the details β https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html
π6π€3π₯2π1
A single image file could hijack Galaxy phones.
Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsungβs image codec (CVE-2025-21042).
The implant β called LANDFALL β gave full spyware access.
Full report β https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html
Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsungβs image codec (CVE-2025-21042).
The implant β called LANDFALL β gave full spyware access.
Full report β https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html
π₯12π5π±4π3π€―1
Attackers are now using your cloud tools against you.
Fortinet uncovered a new campaign where stolen AWS credentials were used to run quiet recon and launch fraud from inside trusted environments.
No malware. No noise. Just normal-looking API traffic doing damage.
Read this story β https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#researchers-uncover-large-scale-aws-abuse-network
Fortinet uncovered a new campaign where stolen AWS credentials were used to run quiet recon and launch fraud from inside trusted environments.
No malware. No noise. Just normal-looking API traffic doing damage.
Read this story β https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#researchers-uncover-large-scale-aws-abuse-network
π₯13π4π4
π₯ Wild find from Microsoft.
Even when your AI chats are encrypted, someone watching the network can still guess what youβre talking about.
They call it "Whisper Leak" side-channel attack.
And in tests, models like OpenAI and Mistral gave away topics with 98% accuracy.
Worth your attention β https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
Even when your AI chats are encrypted, someone watching the network can still guess what youβre talking about.
They call it "Whisper Leak" side-channel attack.
And in tests, models like OpenAI and Mistral gave away topics with 98% accuracy.
Worth your attention β https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
π₯8π±5π4π1π€1