π¨ UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).
They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.
Read β https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.
Read β https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
π12π6π₯2π€―1
Hackers arenβt after people anymore β theyβre after bots.
API keys and tokens now run much of your SaaS, often with full access.
One stolen token let attackers break into hundreds of Salesforce accounts.
See how it happened β https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html
API keys and tokens now run much of your SaaS, often with full access.
One stolen token let attackers break into hundreds of Salesforce accounts.
See how it happened β https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html
π14π₯2π2π2
A fake npm package was caught pretending to be GitHubβs real one.
~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.
It ran a postinstall script that sent secrets to a fake GitHub site.
Full story β https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.
It ran a postinstall script that sent secrets to a fake GitHub site.
Full story β https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
π₯10π2π2
π¨ π¨ New Android RAT β βFantasy Hubβ β is on sale on Russian Telegram: $200/week or $4,500/year.
It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.
Novices can buy and run it. If you use BYOD or mobile banking, read more β https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.
Novices can buy and run it. If you use BYOD or mobile banking, read more β https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html
π₯16π7π3
AI-driven supply chain attacks jumped 156% last year.
This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools canβt spot it.
See what CISOs are doing to fight back β https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools canβt spot it.
See what CISOs are doing to fight back β https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html
π₯6π3π3
π¨ GootLoader is back β and smarter.
Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.
Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.
Details β https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html
Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.
Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.
Details β https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html
π8π₯3π3
A new malware called Maverick is spreading through WhatsApp Web.
It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.
Full story β https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.
Full story β https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
π±16π₯6π4π4
This media is not supported in your browser
VIEW IN TELEGRAM
π₯ Google just launched Private AI Compute β a new cloud system that runs AI without letting Google see your data.
It keeps Gemini models inside secure, encrypted hardware to protect privacy.
Auditors did find small flaws that could, in rare cases, expose users β but Google says fixes are on the way.
Read more β https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
It keeps Gemini models inside secure, encrypted hardware to protect privacy.
Auditors did find small flaws that could, in rare cases, expose users β but Google says fixes are on the way.
Read more β https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
π₯11π€7π±2π1π1
π€ 82% of companies use AI agents.
π 53% let them access sensitive data every day.
β οΈ Most donβt know who owns or controls them.
One forgotten agent can leak everything.
How to stop it β https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html
π 53% let them access sensitive data every day.
β οΈ Most donβt know who owns or controls them.
One forgotten agent can leak everything.
How to stop it β https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html
π10π₯4π1
π¨ Microsoft just fixed a Windows flaw hackers are already exploiting in the wild.
The kernel bug (CVE-2025-62215) lets anyone with local access gain full control β and itβs being linked with other attacks for complete takeover.
Install the latest patches now β https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
The kernel bug (CVE-2025-62215) lets anyone with local access gain full control β and itβs being linked with other attacks for complete takeover.
Install the latest patches now β https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html
π16π₯1
Scale Container Security with Confidence β Live Webinar
Learn how top teams build secure, compliant containers that scale β without slowing delivery.
π Nov 25 | 11 AM EST
ποΈ 20-Minute Session + Q&A
Save Your Seat π https://thn.news/webinar-insights
Learn how top teams build secure, compliant containers that scale β without slowing delivery.
π Nov 25 | 11 AM EST
ποΈ 20-Minute Session + Q&A
Save Your Seat π https://thn.news/webinar-insights
π9
Active Directory is the single point of failure for most enterprises.
One bad password or missed update can give attackers full control. They know it. Most teams donβt act on it.
See what the latest breach exposed β https://thehackernews.com/2025/11/active-directory-under-siege-why.html
One bad password or missed update can give attackers full control. They know it. Most teams donβt act on it.
See what the latest breach exposed β https://thehackernews.com/2025/11/active-directory-under-siege-why.html
π₯9π2π2π€―1
β‘ Hackers only need one open door. Most tools find it after theyβre inside.
Dynamic Attack Surface Reduction (DASR) spots weak points as they appearβand closes them fast. Fewer alerts. Stronger defense.
Join this WEBINAR to see how it works β https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
Dynamic Attack Surface Reduction (DASR) spots weak points as they appearβand closes them fast. Fewer alerts. Stronger defense.
Join this WEBINAR to see how it works β https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
π€―5β‘2π2π1
π¨ Amazon revealed details of attacks exploiting two recent flaws in Cisco ISE and Citrix NetScaler β both used as zero-days.
Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.
Full story β https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen.
Full story β https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
π₯6π4π1
π» Google sued a Chinese hacker group that runs a phishing service called Lighthouse.
It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages.
They sold the phishing kits β $88 a week to $1,588 a year.
Read more β https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html
It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages.
They sold the phishing kits β $88 a week to $1,588 a year.
Read more β https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html
π20π±5π2β‘1π1