🚨 Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug.

It lets attackers run code on remote systems — all because of a reused unsafe pattern in ZeroMQ and Python pickle.

Some systems are still not fixed.

Read the full story ↓ https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html

🚨 North Korean hackers have a new trick.

They’re hiding malware inside fake API keys on GitHub — using JSON Keeper and other legit tools to stay invisible.

The attack installs “BeaverTail” to steal data and drop a Python backdoor.

See how it works ↓ https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html

🔔 Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) — a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests.

CISA added it to KEV — deadline: Nov 21.

Exploited in the wild.

Patch now ⤵️ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html

The U.S. just uncovered how North Korea used fake “remote IT jobs” to sneak millions past sanctions.

👤 5 Americans pleaded guilty
🏢 136 U.S. companies hit
💰 $2.2M sent to North Korea

Read the details ↓ https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8).

Hackers are using it to spread crypto miners and DDoS tools.

Learn more ↓ https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html