Chinaβs hackers used Anthropicβs AI to run cyber attacks β almost fully on its own.
They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.
AI did about 90% of the work by itself.
Learn more β https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.
AI did about 90% of the work by itself.
Learn more β https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
π15β‘1π₯1π1
Ransomware is breaking records again.
In Q3 2025, researchers found 85 active ransomware groups β more than ever before. Police took some down, but 14 new ones popped up right after.
Now LockBit 5.0 is back, and it could pull them all together again.
Read the full report β https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
In Q3 2025, researchers found 85 active ransomware groups β more than ever before. Police took some down, but 14 new ones popped up right after.
Now LockBit 5.0 is back, and it could pull them all together again.
Read the full report β https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
β‘10π7π2π₯1
π Iranβs APT42 hackers are now targeting defense officials and their families.
They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.
Itβs active and still spreading.
Details here β https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html
They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.
Itβs active and still spreading.
Details here β https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html
π12π₯8π±2π1
π΅οΈββοΈ How many AI assets are running in your organization right now?
If you canβt answer that, youβre not alone.
From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.
Join this live webinar to learn:
- How to discover and catalog AI assets you didnβt know existed
- Why AI inventory is the foundation for effective AI security and governance
π https://thn.news/building-ai-inventory
If you canβt answer that, youβre not alone.
From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.
Join this live webinar to learn:
- How to discover and catalog AI assets you didnβt know existed
- Why AI inventory is the foundation for effective AI security and governance
π https://thn.news/building-ai-inventory
π4
π¨ Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug.
It lets attackers run code on remote systems β all because of a reused unsafe pattern in ZeroMQ and Python pickle.
Some systems are still not fixed.
Read the full story β https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html
It lets attackers run code on remote systems β all because of a reused unsafe pattern in ZeroMQ and Python pickle.
Some systems are still not fixed.
Read the full story β https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html
π9
π¨ North Korean hackers have a new trick.
Theyβre hiding malware inside fake API keys on GitHub β using JSON Keeper and other legit tools to stay invisible.
The attack installs βBeaverTailβ to steal data and drop a Python backdoor.
See how it works β https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html
Theyβre hiding malware inside fake API keys on GitHub β using JSON Keeper and other legit tools to stay invisible.
The attack installs βBeaverTailβ to steal data and drop a Python backdoor.
See how it works β https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html
β‘8π€8π±4π2
π Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) β a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests.
CISA added it to KEV β deadline: Nov 21.
Exploited in the wild.
Patch now β€΅οΈ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
CISA added it to KEV β deadline: Nov 21.
Exploited in the wild.
Patch now β€΅οΈ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
π₯13π€―3β‘1π1
The U.S. just uncovered how North Korea used fake βremote IT jobsβ to sneak millions past sanctions.
π€ 5 Americans pleaded guilty
π’ 136 U.S. companies hit
π° $2.2M sent to North Korea
Read the details β https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html
π€ 5 Americans pleaded guilty
π’ 136 U.S. companies hit
π° $2.2M sent to North Korea
Read the details β https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html
π22π€―7π±5π₯2π1
π¨ A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8).
Hackers are using it to spread crypto miners and DDoS tools.
Learn more β https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html
Hackers are using it to spread crypto miners and DDoS tools.
Learn more β https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html
π11
π¨ Big win for Android security.
Google says Rust cut memory bugs by 1000x β and made coding faster too.
Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in βunsafeβ Rust couldnβt get through.
Learn more β https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
Google says Rust cut memory bugs by 1000x β and made coding faster too.
Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in βunsafeβ Rust couldnβt get through.
Learn more β https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
π€16π8π₯7π2
π¨ Hackers are using fake Chrome and Teams apps to spread a new virus. Itβs called RONINGLOADER, and it installs a changed version of Gh0st RAT.
π¬ It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.
Read the full story β https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html
π¬ It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.
Read the full story β https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html
π9π₯5
π¨ 1 in 3 phishing attacks no longer come from email.
Theyβre sliding into LinkedIn DMsβimpersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.
The worst part? Security teams canβt even see it happening.
Find out how it works β https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html
Theyβre sliding into LinkedIn DMsβimpersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.
The worst part? Security teams canβt even see it happening.
Find out how it works β https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html
β‘10π€5π3π2
π‘οΈ Missed the latest threats? Cyber moves fast β catch up faster.
β‘ Fortinet flaw exploited
π€ Chinaβs AI-driven ops
π PhaaS shutdown
π° Fake crypto apps
π¦ Supply chain abuse
π All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html
β‘ Fortinet flaw exploited
π€ Chinaβs AI-driven ops
π PhaaS shutdown
π° Fake crypto apps
π¦ Supply chain abuse
π All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html
π₯10π3π3π€―3
β‘ Hackers are using fake reCAPTCHA pop-ups to install Amatera Stealer β malware that steals crypto, passwords, and messages.
It hides inside Windows files and skips computers with nothing valuable.
Full details β https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html
It hides inside Windows files and skips computers with nothing valuable.
Full details β https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html
π32π₯9π8π3
π΄ Google confirms new Chrome zero-day under attack.
The flaw β CVE-2025-13223 β lets hackers run code through a crafted web page.
Itβs the third V8 exploit this year, and itβs already being used in the wild.
Patch now β https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
The flaw β CVE-2025-13223 β lets hackers run code through a crafted web page.
Itβs the third V8 exploit this year, and itβs already being used in the wild.
Patch now β https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
π±19π₯11π4π4π2
π₯ Microsoft stopped the biggest DDoS attack ever seen in the cloud β 5.72 Tbps from over 500,000 hacked routers and cameras.
The attack came from an IoT botnet called AISURU.
The devices are still infected β and could strike again.
Read here β https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html
The attack came from an IoT botnet called AISURU.
The devices are still infected β and could strike again.
Read here β https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html
π26π6π5
β οΈ Seven npm packages were caught hiding crypto scams.
They used a cloaking tool called Adspect to dodge detection β even blocking dev tools to stay invisible.
Learn more β https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html
They used a cloaking tool called Adspect to dodge detection β even blocking dev tools to stay invisible.
Learn more β https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html
π8
Dev teams often waste valuable time and effort sifting through vulnerabilities⦠just to determine if a container is safe.
ActiveStateβs new Secure Container Image Catalog simplifies how teams find, compare, and pull secure containers.
The growing catalog, which offers free container images for languages like Python and Java, provides:
πΉ Real-time vulnerability insights and VEX advisories
πΉ Full SBOMs and component details for complete transparency
πΉ Reliable architecture and compatibility data
πΉ The ability to directly compare and pull secure images
Check out the catalog to simplify your container image selection: https://thn.news/state-images
ActiveStateβs new Secure Container Image Catalog simplifies how teams find, compare, and pull secure containers.
The growing catalog, which offers free container images for languages like Python and Java, provides:
πΉ Real-time vulnerability insights and VEX advisories
πΉ Full SBOMs and component details for complete transparency
πΉ Reliable architecture and compatibility data
πΉ The ability to directly compare and pull secure images
Check out the catalog to simplify your container image selection: https://thn.news/state-images
π₯5
π€ Most cyberattacks donβt start with hackers β they start with machine accounts.
Non-human identities now outnumber people 50 to 1, and most orgs still canβt see or secure them.
A new approach called Identity Security Fabric fixes that.
Read how it works β https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html
Non-human identities now outnumber people 50 to 1, and most orgs still canβt see or secure them.
A new approach called Identity Security Fabric fixes that.
Read how it works β https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html
π7π4π2
Iranβs UNC1549 hackers hit defense networks without even touching them.
They broke in through third-party Citrix and Azure accounts and dropped backdoors β TWOSTROKE and DEEPROOT β that can sit quiet for months.
Theyβre now active across the Middle Eastβs aerospace supply chain.
Read this latest report β https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html
They broke in through third-party Citrix and Azure accounts and dropped backdoors β TWOSTROKE and DEEPROOT β that can sit quiet for months.
Theyβre now active across the Middle Eastβs aerospace supply chain.
Read this latest report β https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html
π11π±5π2π₯1