77% of employees paste sensitive data into GenAI tools.
Most use personal accounts, so IT canβt see it.
Itβs all happening in the browser β and old DLP tools miss it completely.
The browser just became the biggest data leak in the enterprise β https://thehackernews.com/2025/11/new-browser-security-report-reveals.html
Most use personal accounts, so IT canβt see it.
Itβs all happening in the browser β and old DLP tools miss it completely.
The browser just became the biggest data leak in the enterprise β https://thehackernews.com/2025/11/new-browser-security-report-reveals.html
π18π7π€―1
North Koreaβs Konni group just pulled off something wild β they turned Googleβs own Find Hub into a weapon.
By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.
It all started with a fake βStress Clearβ app, signed with a real Chinese companyβs certificate.
Full story β https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html
By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.
It all started with a fake βStress Clearβ app, signed with a real Chinese companyβs certificate.
Full story β https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html
π10π5π1
π¨ UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).
They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.
Read β https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.
Read β https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
π12π6π₯2π€―1
Hackers arenβt after people anymore β theyβre after bots.
API keys and tokens now run much of your SaaS, often with full access.
One stolen token let attackers break into hundreds of Salesforce accounts.
See how it happened β https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html
API keys and tokens now run much of your SaaS, often with full access.
One stolen token let attackers break into hundreds of Salesforce accounts.
See how it happened β https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html
π14π₯2π2π2
A fake npm package was caught pretending to be GitHubβs real one.
~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.
It ran a postinstall script that sent secrets to a fake GitHub site.
Full story β https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.
It ran a postinstall script that sent secrets to a fake GitHub site.
Full story β https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
π₯10π2π2
π¨ π¨ New Android RAT β βFantasy Hubβ β is on sale on Russian Telegram: $200/week or $4,500/year.
It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.
Novices can buy and run it. If you use BYOD or mobile banking, read more β https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.
Novices can buy and run it. If you use BYOD or mobile banking, read more β https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
π₯16π7π3
AI-driven supply chain attacks jumped 156% last year.
This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools canβt spot it.
See what CISOs are doing to fight back β https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools canβt spot it.
See what CISOs are doing to fight back β https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
π₯6π3π3
π¨ GootLoader is back β and smarter.
Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.
Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.
Details β https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html
Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.
Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.
Details β https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html
π8π₯3π3
A new malware called Maverick is spreading through WhatsApp Web.
It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.
Full story β https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.
Full story β https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
π±17π₯6π4π4
This media is not supported in your browser
VIEW IN TELEGRAM
π₯ Google just launched Private AI Compute β a new cloud system that runs AI without letting Google see your data.
It keeps Gemini models inside secure, encrypted hardware to protect privacy.
Auditors did find small flaws that could, in rare cases, expose users β but Google says fixes are on the way.
Read more β https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
It keeps Gemini models inside secure, encrypted hardware to protect privacy.
Auditors did find small flaws that could, in rare cases, expose users β but Google says fixes are on the way.
Read more β https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
π₯12π€7π2π±2π1
π€ 82% of companies use AI agents.
π 53% let them access sensitive data every day.
β οΈ Most donβt know who owns or controls them.
One forgotten agent can leak everything.
How to stop it β https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html
π 53% let them access sensitive data every day.
β οΈ Most donβt know who owns or controls them.
One forgotten agent can leak everything.
How to stop it β https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html
π11π₯4π2
π¨ Microsoft just fixed a Windows flaw hackers are already exploiting in the wild.
The kernel bug (CVE-2025-62215) lets anyone with local access gain full control β and itβs being linked with other attacks for complete takeover.
Install the latest patches now β https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
The kernel bug (CVE-2025-62215) lets anyone with local access gain full control β and itβs being linked with other attacks for complete takeover.
Install the latest patches now β https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
π17π₯2
Scale Container Security with Confidence β Live Webinar
Learn how top teams build secure, compliant containers that scale β without slowing delivery.
π Nov 25 | 11 AM EST
ποΈ 20-Minute Session + Q&A
Save Your Seat π https://thn.news/webinar-insights
Learn how top teams build secure, compliant containers that scale β without slowing delivery.
π Nov 25 | 11 AM EST
ποΈ 20-Minute Session + Q&A
Save Your Seat π https://thn.news/webinar-insights
π9
Active Directory is the single point of failure for most enterprises.
One bad password or missed update can give attackers full control. They know it. Most teams donβt act on it.
See what the latest breach exposed β https://thehackernews.com/2025/11/active-directory-under-siege-why.html
One bad password or missed update can give attackers full control. They know it. Most teams donβt act on it.
See what the latest breach exposed β https://thehackernews.com/2025/11/active-directory-under-siege-why.html
π₯10π2π2π€―1
β‘ Hackers only need one open door. Most tools find it after theyβre inside.
Dynamic Attack Surface Reduction (DASR) spots weak points as they appearβand closes them fast. Fewer alerts. Stronger defense.
Join this WEBINAR to see how it works β https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
Dynamic Attack Surface Reduction (DASR) spots weak points as they appearβand closes them fast. Fewer alerts. Stronger defense.
Join this WEBINAR to see how it works β https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
π€―5β‘3π2π2
π¨ Amazon revealed details of attacks exploiting two recent flaws in Cisco ISE and Citrix NetScaler β both used as zero-days.
Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.
Full story β https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.
Full story β https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
π₯8π4π1
π» Google sued a Chinese hacker group that runs a phishing service called Lighthouse.
It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages.
They sold the phishing kits β $88 a week to $1,588 a year.
Read more β https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html
It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages.
They sold the phishing kits β $88 a week to $1,588 a year.
Read more β https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html
π25π±7π3β‘1π1
π¨ Over 43,000 fake npm packages have flooded the registry since 2024.
They donβt steal data β they just keep cloning themselves. A hidden script waits until someone runs node auto.js, then the cycle starts.
It went unnoticed for almost two years.
Read more β https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
They donβt steal data β they just keep cloning themselves. A hidden script waits until someone runs node auto.js, then the cycle starts.
It went unnoticed for almost two years.
Read more β https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
π6π±5
π¨ CISA says hackers are exploiting a serious WatchGuard firewall flaw (CVE-2025-9242, score 9.3).
Attackers can run code without logging in.
Over 54,000 Firebox devices are still exposed. Patch before Dec 3.
Details β https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html
Attackers can run code without logging in.
Over 54,000 Firebox devices are still exposed. Patch before Dec 3.
Details β https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html
π±9π₯5π1
π¨ New ThreatsDay Bulletin is out!
From AI bug bounties and data leaks to phishing kits and global cyber laws β hereβs whatβs shaping the week in cybersecurity.
π Read the full update: https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html
From AI bug bounties and data leaks to phishing kits and global cyber laws β hereβs whatβs shaping the week in cybersecurity.
π Read the full update: https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html
π5π1