The U.S. just uncovered how North Korea used fake “remote IT jobs” to sneak millions past sanctions.

👤 5 Americans pleaded guilty
🏢 136 U.S. companies hit
💰 $2.2M sent to North Korea

Read the details ↓ https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8).

Hackers are using it to spread crypto miners and DDoS tools.

Learn more ↓ https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html

🚨 Big win for Android security.

Google says Rust cut memory bugs by 1000x — and made coding faster too.

Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in “unsafe” Rust couldn’t get through.

Learn more ↓ https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html

🚨 Hackers are using fake Chrome and Teams apps to spread a new virus. It’s called RONINGLOADER, and it installs a changed version of Gh0st RAT.

😬 It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.

Read the full story ↓ https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html

🚨 1 in 3 phishing attacks no longer come from email.

They’re sliding into LinkedIn DMs—impersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.

The worst part? Security teams can’t even see it happening.

Find out how it works ↓ https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html

🛡️ Missed the latest threats? Cyber moves fast — catch up faster.

⚡ Fortinet flaw exploited
🤖 China’s AI-driven ops
📉 PhaaS shutdown
💰 Fake crypto apps
📦 Supply chain abuse

🔗 All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html

⚡ Hackers are using fake reCAPTCHA pop-ups to install Amatera Stealer — malware that steals crypto, passwords, and messages.

It hides inside Windows files and skips computers with nothing valuable.

Full details ↓ https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html

🔴 Google confirms new Chrome zero-day under attack.

The flaw — CVE-2025-13223 — lets hackers run code through a crafted web page.

It’s the third V8 exploit this year, and it’s already being used in the wild.

Patch now ↓ https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html

🔥 Microsoft stopped the biggest DDoS attack ever seen in the cloud — 5.72 Tbps from over 500,000 hacked routers and cameras.

The attack came from an IoT botnet called AISURU.

The devices are still infected — and could strike again.

Read here → https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html

⚠️ Seven npm packages were caught hiding crypto scams.

They used a cloaking tool called Adspect to dodge detection — even blocking dev tools to stay invisible.

Learn more ↓ https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html

Dev teams often waste valuable time and effort sifting through vulnerabilities… just to determine if a container is safe.

ActiveState’s new Secure Container Image Catalog simplifies how teams find, compare, and pull secure containers.

The growing catalog, which offers free container images for languages like Python and Java, provides:

🔹 Real-time vulnerability insights and VEX advisories
🔹 Full SBOMs and component details for complete transparency
🔹 Reliable architecture and compatibility data
🔹 The ability to directly compare and pull secure images

Check out the catalog to simplify your container image selection: https://thn.news/state-images

🤖 Most cyberattacks don’t start with hackers — they start with machine accounts.

Non-human identities now outnumber people 50 to 1, and most orgs still can’t see or secure them.

A new approach called Identity Security Fabric fixes that.

Read how it works ↓ https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html

Iran’s UNC1549 hackers hit defense networks without even touching them.

They broke in through third-party Citrix and Azure accounts and dropped backdoors — TWOSTROKE and DEEPROOT — that can sit quiet for months.

They’re now active across the Middle East’s aerospace supply chain.

Read this latest report ↓ https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html

🏠 A U.S. real-estate giant was nearly hacked — through a fake Microsoft Teams chat.

Attackers used Tuoni, a free red-team tool from GitHub, to run hidden code straight in memory.
Even the script showed signs of AI-written code.

How ethical hacking tools are turning against us → https://thehackernews.com/2025/11/researchers-detail-tuoni-c2s-role-in.html

☁️ Your cloud might already be wide open.

One weak access rule can expose everything — data, customers, compliance.

Join our free WEBINAR with CyberArk experts to learn simple ways to close those gaps fast & keep your data safe.

Save your spot now → https://thehackernews.com/2025/11/learn-how-leading-companies-secure.html

Meta just expanded WhatsApp’s security research.

🔹 New “Research Proxy” tool lets experts dig deeper
🔹$4M paid to bug hunters this year

Big money. Bigger stakes.

Read here ↓ https://thehackernews.com/2025/11/meta-expands-whatsapp-security-research.html

🚨 Hackers just upgraded their phishing game. A fake Microsoft login now looks 100% real — even showing a real URL and CAPTCHA check.

It’s part of a new “Sneaky 2FA” phishing kit that lets anyone steal accounts without real skills.

Even pros are getting tricked.

Here’s how it works ↓ https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html

Fortinet has confirmed a new FortiWeb flaw — CVE-2025-58034 — already exploited in the wild.

It lets authenticated attackers execute OS commands via crafted requests.

Full story ↓ https://thehackernews.com/2025/11/fortinet-warns-of-new-fortiweb-cve-2025.html

We say “trust but verify.”

In SaaS, most teams trust once—and never verify again. Old tokens stay valid. Apps keep broad access.

That’s how attackers move in quietly.

Gal Nakash explains why Zero Trust fails in practice and what to fix ↓ https://thehackernews.com/expert-insights/2025/11/the-problem-with-trust-but-verify-is.html

🚨 Hackers turned software updates into malware.

ESET found a China-linked group called PlushDaemon using a tool named EdgeStepper to hijack internet routers and reroute updates straight to fake servers.

So that “safe update”? It could install spyware instead.

Full story ↓ https://thehackernews.com/2025/11/edgestepper-implant-reroutes-dns.html