The Hacker News

CISA just added two new flaws to its list of exploited ones. One is already being used in the wild, and the other was fixed months ago but is still open on a lot of servers. One flaw in Control Web Panel lets hackers run commands before they log in. If you use it, patch it now. More information ↓ https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html

🔥 Three of the internet’s most notorious hacker crews — Scattered Spider, LAPSUS$, and ShinyHunters — just merged into one cartel: Scattered LAPSUS$ Hunters. They’ve rebuilt their Telegram network 16 times in 80 days and now run extortion-as-a-service for affiliates. Details here ↓ https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html

🛠️ You patch daily. 🕵️ You scan weekly. ⚡But your attack surface changes every hour. Static defenses can’t keep up. Join The Hacker News x Bitdefender webinar to see how Dynamic Attack Surface Reduction (DASR) keeps you ahead ➠ https://thehacker.news/attack-surface-reduction

🚨 A €600M crypto scam just got taken down. 9 suspects across 5 countries ran fake “investment” sites that looked 100% real. They even laundered the money on-chain — hiding millions in plain view. Read here ↓ https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html

🕒 When ransomware hits, every second counts. DOGE Big Balls spreads fast — encrypting files and leaving ransom notes everywhere. Wazuh detects it early, isolates the threat, and stops the damage. Here’s how their detection rules and live response work ↓ https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html

🚨 A critical CVSS 9.8 flaw in "react-native-community/cli" let anyone run OS commands on your dev machine—no login needed. It’s patched now, but millions of React Native devs were exposed for months. Check your version and lock down that dev server. → https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html

🚨 Researchers just found 4 serious flaws in Microsoft Teams that let attackers fake messages and impersonate coworkers — no “Edited” label, no warning. If your team uses Teams, read this now ↓ https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html

🚨 A new cyber-espionage campaign, Operation SkyCloak, is targeting defense networks in Russia and Belarus. Attackers use fake military documents to install a hidden SSH backdoor that talks through Tor — disguised as a legit GitHub app. Details here ↓ https://thehackernews.com/2025/11/operation-skycloak-deploys-tor-enabled.html

💡 Your AI-SOC works best when it keeps learning. Without regular analyst feedback, false alerts rise and real threats slip by. The real upgrade isn’t a new model — it’s a continuous feedback loop. Read how it works ↓ https://thehackernews.com/expert-insights/2025/11/continuous-feedback-loops-why-training.html

⚡ Google’s AI just found 5 serious bugs in Apple’s Safari — before hackers did. One flaw could crash your browser instantly, another could break memory protection. Apple’s patched them all. Update now. Full story → https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

🔥 Ransomware negotiators turned attackers. They were supposed to stop hackers — but instead used BlackCat ransomware to hit 5 U.S. companies. They demanded up to $10M. One company actually paid. Full story ↓ https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html

🔥 Ransomware negotiators turned attackers. They were supposed to stop hackers — but instead used BlackCat ransomware to hit 5 U.S. companies. They demanded up to $10M. One company actually paid. Full story ↓ https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html

🚨 Microsoft just found a new backdoor called SesameOp — and it’s using the OpenAI Assistants API to talk to its attackers. Instead of sketchy servers, it hides inside legit AI traffic. It lived undetected for months. Commands were sent through the “description” field. Read how it works ↓ https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html

🧠 SOC teams built to stop breaches... are built to miss them. Detection tools catch signals, not connections — and attackers live in the gaps. The future isn’t faster alerts. It’s smarter context. 🔍 Don’t miss how they’re doing it ↓ https://thehackernews.com/2025/11/the-evolution-of-soc-operations-how.html

🚨 Hackers are now hijacking trucking/logistics firms — not just for data, but for the cargo itself. They’re loading up legit remote-management tools like ScreenConnect & LogMeIn, hijacking load-boards and booking real shipments of food/beverage. Read how → https://thehackernews.com/2025/11/cybercriminals-exploit-remote.html

Last week: hacked security tools, broken chip protections, smart AI malware, and dev tools used to attack us. Hackers are moving faster than we can stop them. See all the top threats: https://thehackernews.com/2025/11/weekly-recap-lazarus-hits-web3-intelamd.html

🕵️ Two Android trojans are silently draining accounts. 🔹 One pretends to be a government ID app. 🔹 The other hides as a food delivery tracker. They even mute your phone — so you never hear it happen. Learn more about BankBot-YNRK & DeliveryRAT ↓ https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html

⚠️ North Korea’s Kimsuky just dropped a new backdoor — HttpTroy — hidden in a fake VPN invoice. It shows a decoy PDF, sets a fake “AhnlabUpdate” task, and rebuilds code on the fly to dodge detection. Details ↓ https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html

🚨 400+ Cisco routers hacked across Australia! A new implant called BADCANDY is exploiting CVE-2023-20198 — even after patches. Rebooting won’t help. Hackers just come back. Watch for fake cisco_sys_manager accounts ↓ https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html

🔒 Chrome is going fully HTTPS by default starting April 2026. Google will make “Always Use Secure Connections” the default setting—first for Enhanced Safe Browsing users, then for everyone by October 2026. No more HTTP by default. Safer web, less room for attacks. Full details ↓ https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html#chrome-takes-final-step-toward-full-https-web #ThreatsDay