A fake VS Code extension made with AI just showed up on the Marketplace.

It ran ransomware on install — zipping, encrypting, and uploading files, all by itself.

Microsoft took it down quickly, but the developer accidentally left the control keys and decryption tools inside.

Here’s what happened and how it worked ↓ https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html

ChatGPT just helped researchers crack XLoader malware in hours — work that used to take days.

AI unpacked the code, found keys, and exposed C2 domains. Big shift for malware analysis.

Check this story ↓ https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#ai-speeds-triage-but-human-skill-still-needed

Google just launched a new form to report extortion scams on Google Maps.

Scammers are posting fake 1⭐ reviews, then asking business owners to pay up to remove them.

This new tool is meant to stop the surge in “review bombing” hitting small businesses.

Read how it works ↓ https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html

Your company's logins could be on the dark web right now, and they could sell for as little as $15.

It only takes one click for hackers to walk right in.

Find out if your company’s credentials are exposed → https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html

🚨 WARNING: Malicious NuGet packages were caught hiding delayed payloads—set to fire off years from now, in 2027–2028.

They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCs—crashing processes or corrupting writes after a short delay.

Nearly 10K downloads before anyone noticed.

Here’s what’s really going on ↓ https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html