The Hacker News

🚨 FBI ALERT: Scammers are posing as banks to steal logins — causing $262M in losses this year. Now they’re using AI to create fake Black Friday sites and ads that look real. They trick people into handing over passwords and money. Learn more ↓ https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html

🚨 WARNING: Over 80,000 files with passwords and keys from governments, banks, and tech firms were found online — all pasted into public code tools like JSONFormatter and CodeBeautify. Hackers are already scraping and using the data. And yes — it’s still live. Details here → https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html

🚨 Hackers built fake adult sites that show a fake Windows update. It tells you to copy and paste a “fix” — but that command secretly installs up to 8 programs that steal passwords and data. Researchers call it JackFix, part of the ClickFix trend now behind nearly half of all breaches. Details ↓ https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html

1 in 5 DevOps, Security, Product, and Developer professionals say vulnerable and outdated components are their biggest security concern. If you’re building or running container-based systems, this is your cue to pause and ask: Do you know which container images are hardened, which ones still carry drift, and how you’ll prove they’re safe before they hit production? This checklist is designed for teams to consistently build hardened, trustworthy containers by covering four key areas: base image selection, application-dependency management, minimization & hardening, and signing/verification. 👉 Download the checklist here: https://thn.news/container-checklist

In 2026, hackers will use AI as their main weapon. They’ll use it to run scams, copy people, and trick systems fast. Many security tools can’t spot it. ANYRUN built a sandbox that clicks and tests like a real person to find these attacks. Learn about it here ↓ https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html

🚨 Hackers known as "ToddyCat" found a new way to steal #Outlook emails. Their tool TCSectorCopy skips Outlook locks and copies mail files straight from the disk — no network use, no alerts. They also use TomBerBil and SharpTokenFinder to steal OAuth and #Microsoft365 tokens. More details here ↓ https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html

Hackers are weaponizing Blender files. Malicious .blend projects uploaded to CGTrader run hidden Python scripts that install StealC V2 — a stealer able to grab data from 23 browsers, 15 crypto wallets, VPNs, and email clients. It’s been active for at least 6 months. Keep Auto Run off. Read here ↓ https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html

Most insider threat tools still expose personal data during monitoring. That means even your “secure” session recordings may violate GDPR or HIPAA — without you realizing it. Ani Khachatryan, CTO at Syteca, explains how real-time data masking can preserve visibility without breaching privacy. Learn more ↓ https://thehackernews.com/expert-insights/2025/11/smarter-access-better-protected-data.html

🛑 State-linked hackers are hijacking Signal, WhatsApp, and Telegram accounts using spyware disguised as real apps — some use zero-click bugs on iPhones and Androids. Targets include diplomats and officials across the U.S., Europe, and the Middle East. Read the full report ↓ https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html

🚨 Fluent Bit — deployed over 15 Billion times — just got hit with 5 critical CVEs. Attackers can exploit them to run code, rewrite or delete logs, and fake telemetry across AWS, GCP & Azure. Some of these bugs have been in Fluent Bit for over 8 years. More details ↓ https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html

🔥 New npm attack DETECTED! A campaign dubbed “Sha1-Hulud: The Second Coming” has compromised hundreds of packages and over 25,000 GitHub repos. The code runs during install, steals cloud logins, and if that fails, it deletes the user’s home folder. Read more ↓ https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html

⚡ Another week, another wave of exploits, leaks, and surprise fixes. What’s real, what’s risky, what’s next — it’s all in the Cybersecurity Recap 👉 https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html

🔴 Researchers say China’s DeepSeek-R1 AI writes weaker code when asked about topics like Tibet or Uyghurs. Coding mistakes go up by about 50%, even when the topic isn’t part of the task. This bias could be a new security risk. Full story ↓ https://thehackernews.com/2025/11/chinese-ai-model-deepseek-r1-generates.html

🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been compromised. Full story ↓ https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html

🚨 China’s hacker group APT31 broke into Russia’s IT companies — and stayed hidden for almost two years. They used Yandex Cloud, OneDrive, and even social media to steal data without raising alarms. Some attacks ran on holidays when no one was watching. Details ↓ https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html

🚨 Hackers found a new way to phish — through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal, Netflix, or TikTok. No downloads. No malware file. Just one click — and your data’s theirs. Learn more ↓ https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html

🚨 CISA warns Oracle Identity Manager flaw (CVE-2025-61757) is under active attack. Hackers can run code without login by adding ?WSDL or ;.wadl to URLs — a tiny trick that opens locked systems. Exploited since August. Patch by Dec 12. Full details ↓ https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html

🚨 Grafana fixed a major security bug (CVSS 10.0) that could let attackers sign in as admin users. It affects Grafana Enterprise 12.0.0–12.2.1 if SCIM provisioning is turned on — a number like “1” could trick the system into giving admin access. Update now to stay safe. Read more ↓ https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html

🚨 Google just made Android and iPhone share files directly using Quick Share and AirDrop. It’s built in Rust for stronger security, and a small info leak found in testing is already fixed. Full details ↓ https://thehackernews.com/2025/11/google-adds-airdrop-compatibility-to.html

Every phone could be a way in for hackers. Samsung Galaxy devices check their security before they connect to your network. That means real Zero Trust—built into the device itself. Read ↓ https://thehackernews.com/2025/11/why-it-admins-choose-samsung-for-mobile.html