The Hacker News
Official THN Telegram Channel - A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. Contact: admin@thehackernews.com Website: https://thehackernews.com
Posts Archive
New Cyber Recap is live.
- npm worm returns
- M365 email + token raids
- spyware on chat apps
- Firefox RCE + hot CVEs
- Cryptomixer takedown
If you ship code, manage access, or touch cloud… this one's worth 3 minutes.
Read: https://thehackernews.com/2025/12/weekly-recap-hot-cves-npm-worm-returns.html

The browser just became your riskiest employee.
New AI browsers like ChatGPT Atlas can act on your behalf - booking, buying, sending data. One hidden command can turn them against you.
Join this expert webinar to learn how to spot and stop these new AI browser threats: https://thehackernews.com/2025/12/webinar-agentic-trojan-horse-why-new-ai.html

Webinar Alert: Resilient Patching - Guardrails for Community Repos
You trust your patching tools. Attackers trust that too. A single unsafe package on Chocolatey or Winget can flip your defenses against you.
Learn how top teams patch fast, safe, and under control.
Register & get the full playbook: https://thehacker.news/resilient-patching

New Android malware Albiriox is being sold as a service.
It can remotely control phones, stream screens from banking apps, and fake updates to steal logins.
It even bypasses Android's screen protections.
Read about it here: https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html
Spread via fake Google Play links, it's already targeting users in Austria.

Tomiris is back - and harder to spot.
Kaspersky reports the group is using Telegram & Discord as C2 servers to hide attacks on government networks in Russia & Central Asia.
Its new malware - written in Python, Rust, Go, PowerShell & C#.
Full details: https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html

CISA added a real-world exploited flaw in OpenPLC ScadaBR to its Known Exploited Vulnerabilities list.
Hackers used the bug (CVE-2021-26829) to deface a fake water plant system in under 26 hours - disabling logs and alarms.
Read: https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html

Researchers found old Python code that could expose projects to a supply chain attack.
Some PyPI packages - including Tornado and slapos.core - still call an expired domain that anyone could buy and use to run malicious code.
Details: https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html

North Korean hackers uploaded 197 malicious npm packages (31K+ downloads).
They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots - all from a fake job interview setup.
Details here: https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html

VPNs weren't built for today's hybrid networks. Hackers now exploit them as entry points to steal admin creds.
Remote Privileged Access Management (RPAM) closes that gap - no VPNs, no shared passwords, full session tracking.
Why it's replacing PAM: https://thehackernews.com/2025/11/why-organizations-are-turning-to-rpam.html

Hackers posing as Kyrgyzstan's Justice Ministry are spreading 2013-era NetSupport RAT across Kyrgyzstan and Uzbekistan using fake PDFs and old Java tricks - blocking outsiders to hide the attack.
Old tools. New victims. https://thehackernews.com/2025/11/bloody-wolf-expands-java-based.html

Microsoft will block all non-Microsoft scripts on Entra ID logins starting Oct 2026.
If your sign-in flow or browser extension injects any code, it may break, so test ASAP.
The new Content Security Policy only lets trusted Microsoft-hosted scripts.
Read more: https://thehackernews.com/2025/11/microsoft-to-block-unauthorized-scripts.html

New ThreatsDay Bulletin is live!
- AI malware that learns your habits
- Voice bots turned into attack tools
- Crypto rings laundering billions
- IoT gear under siege again
- Smishing scams spreading worldwide
All that and 20+ more stories shaping the week in cybersecurity.
Read now: https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html

Gainsight just revealed more customers were affected than originally disclosed.
Salesforce revoked all Gainsight access tokens after the breach tied to ShinyHunters - and the same user-agent from prior Salesloft attacks popped up again.
The full scope remains unknown.
Read here: https://thehackernews.com/2025/11/gainsight-expands-impacted-customer.html

Hundreds of Maven packages just got caught running Shai-Hulud v2 - the same malware that hijacked npm.
It spread through automated rebuilds, infecting devs who never used npm.
Hiding in the Bun runtime, it steals GitHub + cloud creds and self-replicates like a worm - already leaking 11,000+ secrets across 4,600 repos.
Details here: https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html

Eight "advanced" tools failed at once.
A phishing attack slipped past all of them and reached exec inboxes. Only one thing stopped it - a strong SOC.
Learn why your "first line" is useless without the last: https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html

Hackers hit South Korea's banks through one IT vendor - spreading Qilin ransomware to 28 firms and stealing 2 TB of data.
Evidence suggests Russian and North Korean groups worked together.
Full story: https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html

We talk a lot about securing AI.
Almost no one talks about where it's actually hiding.
NetworkChuck just dropped a video with Wiz, showing how they're finding hidden AI risks - "shadow AI" - before attackers do. It's a smart look at where cloud security is headed next.
See Wiz in Action: https://thn.news/cloud-security-demo

Hackers love community update tools.
Why? Because anyone can upload a package.
One bad update = hacked systems.
Join our free live webinar with Action1 CTO Gene Moody - see how to patch safely without slowing down.
Save your spot: https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html

A Chrome extension is stealing crypto.
"Crypto Copilot" looks like a trading tool for X - but it secretly adds a hidden Solana transfer and sends your money to a hacker's wallet.
It's still live on the Chrome Web Store.
Full story: https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html

Russia's GRU tried a new way to spread RomCom malware.
For the first time, they used SocGholish - fake browser update malware - to target a U.S. engineering firm linked to Ukraine.
The attack went from click to malware in under 30 minutes.
Read the latest report: https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html
