⚠️ Hackers love community update tools.
Why? Because anyone can upload a package.
One bad update = hacked systems.

🔒 Join our free live webinar with Action1 CTO Gene Moody — see how to patch safely without slowing down.

Save your spot ↓ https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html

🤖 We talk a lot about securing AI.

Almost no one talks about where it’s actually hiding.

NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next.

🚀See Wiz in Action → https://thn.news/cloud-security-demo

🔥 Hackers hit South Korea’s banks through one IT vendor — spreading Qilin ransomware to 28 firms and stealing 2 TB of data.

Evidence suggests Russian and North Korean groups worked together.

Full story ↓ https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html

⚠️ Eight “advanced” tools failed at once.

A phishing attack slipped past all of them and reached exec inboxes. Only one thing stopped it — a strong SOC.

🔗 Learn why your “first line” is useless without the last ↓ https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html

⚠️ Hundreds of Maven packages just got caught running Shai-Hulud v2 — the same malware that hijacked npm.

It spread through automated rebuilds, infecting devs who never used npm.

Hiding in the Bun runtime, it steals GitHub + cloud creds and self-replicates like a worm — already leaking 11,000+ secrets across 4,600 repos.

Details here ↓ https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html