The Hacker News

🚨 North Korean hackers have a new trick. They’re hiding malware inside fake API keys on GitHub — using JSON Keeper and other legit tools to stay invisible. The attack installs “BeaverTail” to steal data and drop a Python backdoor. See how it works ↓ https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html

🚨 Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug. It lets attackers run code on remote systems — all because of a reused unsafe pattern in ZeroMQ and Python pickle. Some systems are still not fixed. Read the full story ↓ https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html

🕵️‍♂️ How many AI assets are running in your organization right now? If you can’t answer that, you’re not alone. From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track. Join this live webinar to learn: - How to discover and catalog AI assets you didn’t know existed - Why AI inventory is the foundation for effective AI security and governance 👉 https://thn.news/building-ai-inventory

🛑 Iran’s APT42 hackers are now targeting defense officials and their families. They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram. It’s active and still spreading. Details here ↓ https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html

Ransomware is breaking records again. In Q3 2025, researchers found 85 active ransomware groups — more than ever before. Police took some down, but 14 new ones popped up right after. Now LockBit 5.0 is back, and it could pull them all together again. Read the full report → https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html

China’s hackers used Anthropic’s AI to run cyber attacks — almost fully on its own. They turned Claude into a self-running hacking tool that hit tech, finance, and government targets. AI did about 90% of the work by itself. Learn more ↓ https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html

🚨 Securing one browser isn’t enough. Malicious extensions now move between Chrome, Edge, and AI browsers like Atlas and Comet. AI helps them learn and adapt fast. See how cross-browser attacks really work ↓ https://thehackernews.com/expert-insights/2025/11/beyond-chrome-risks-of-malicious.html

⚠️ Hackers are actively exploiting a Fortinet FortiWeb bug that lets them skip login and make admin accounts. Fortinet quietly fixed it in v8.0.2 — no CVE, no warning. If you haven’t patched yet, your device might already be hit. Learn more here ↓ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html

🚨 Hackers made 4,300+ fake hotel websites copying Booking[.]com, Airbnb, and Expedia. Each fake page looks real, changes based on your booking link, and steals your card details. See how this massive travel scam works ↓ https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html

Half of new CVEs are exploited within 48 hours. Attackers use AI and automation. Defenders use tickets and patch cycles. That delay is the breach window → https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html

🚨 A fake Ethereum wallet called “Safery” is still up on the Chrome Web Store. It steals your seed phrase by hiding it in Sui wallet addresses and sending tiny blockchain payments. Looks safe. Isn’t. Read here ↓ https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html

Most tools that promise to simplify Google Workspace offboarding end up creating more problems than they solve. Rigid workflows. Chat messages left unarchived. Manual fixes that take hours... Curious how companies like Google automate their deprovisioning in a no-code way? Join a Cloud Space Architect from Google and the Zenphi team to see how IT departments: Trigger offboarding automatically from HR or Directory events Archive Gmail, Drive, and Chat in one flow Clean up devices and shares instantly Cut costs associated with offboarding by up to 80%! 📅 Nov 20, 2025 | 30-min live session ➡️ Register to ask questions live and get the recording: https://thn.news/secure-offboarding #GoogleWorkspace #SecurityAutomation #GmailSecurity #ITAdmin #ITOperations #Cybersecurity #Offboarding #DataArchiving #MDM #GoogleAdmin #GoogleDrive

🚨 Europol took down 3 big malware groups — Rhadamanthys Stealer, Venom RAT, and the Elysium botnet. They shut down 1,025 servers and 20 websites. The main hacker was caught in Greece with 100,000 crypto wallets from victims. Full story ↓ https://thehackernews.com/2025/11/operation-endgame-dismantles.html

🚨 New ThreatsDay Bulletin is out! From AI bug bounties and data leaks to phishing kits and global cyber laws — here’s what’s shaping the week in cybersecurity. 👉 Read the full update: https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html

🚨 CISA says hackers are exploiting a serious WatchGuard firewall flaw (CVE-2025-9242, score 9.3). Attackers can run code without logging in. Over 54,000 Firebox devices are still exposed. Patch before Dec 3. Details ↓ https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html

🚨 Over 43,000 fake npm packages have flooded the registry since 2024. They don’t steal data — they just keep cloning themselves. A hidden script waits until someone runs node auto.js, then the cycle starts. It went unnoticed for almost two years. Read more → https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html

💻 Google sued a Chinese hacker group that runs a phishing service called Lighthouse. It tricked over 1 million people in 120 countries and made more than $1 billion using fake Google and USPS pages. They sold the phishing kits — $88 a week to $1,588 a year. Read more → https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html

🚨 Amazon revealed details of attacks exploiting two recent flaws in Cisco ISE and Citrix NetScaler — both used as zero-days. Hackers made a fake Cisco file that hid in memory, watched traffic, and stole access without being seen. Full story → https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html

⚡ Hackers only need one open door. Most tools find it after they’re inside. Dynamic Attack Surface Reduction (DASR) spots weak points as they appear—and closes them fast. Fewer alerts. Stronger defense. Join this WEBINAR to see how it works ↓ https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html

Active Directory is the single point of failure for most enterprises. One bad password or missed update can give attackers full control. They know it. Most teams don’t act on it. See what the latest breach exposed → https://thehackernews.com/2025/11/active-directory-under-siege-why.html