🚨 WARNING: Malicious NuGet packages were caught hiding delayed payloads—set to fire off years from now, in 2027–2028.

They look harmless. Some even helpful. But one, Sharp7Extend, quietly sabotages PLCs—crashing processes or corrupting writes after a short delay.

Nearly 10K downloads before anyone noticed.

Here’s what’s really going on ↓ https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html

Chinese hackers used old bugs like Log4j and Struts to break into U.S. policy networks.

Then they hid using msbuild.exe and a fake system task to stay inside.

Old tricks. New targets.

Read the details ↓ https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html

A single image file could hijack Galaxy phones.

Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec (CVE-2025-21042).

The implant — called LANDFALL — gave full spyware access.

Full report → https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html

Attackers are now using your cloud tools against you.

Fortinet uncovered a new campaign where stolen AWS credentials were used to run quiet recon and launch fraud from inside trusted environments.

No malware. No noise. Just normal-looking API traffic doing damage.

Read this story → https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html#researchers-uncover-large-scale-aws-abuse-network

🔥 Wild find from Microsoft.

Even when your AI chats are encrypted, someone watching the network can still guess what you’re talking about.

They call it "Whisper Leak" side-channel attack.

And in tests, models like OpenAI and Mistral gave away topics with 98% accuracy.

Worth your attention ↓ https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html

🚨 Three VS Code extensions — downloaded over 10,000 times — turned out to be part of a revived GlassWorm attack.

And... it spreads on its own. One infected developer can quietly compromise an entire team.

They're stealing credentials for GitHub, VSX, and crypto wallets while hiding in plain sight with invisible Unicode characters.

Read the whole story ↓ https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html

⚠️ Hackers are posing as Booking[.]com to target hotels.

Fake “security” emails trick managers into running a PowerShell noscript that installs PureRAT — giving full access to hotel systems.

Stolen logins and card data are being sold online.

More information here → https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html

Everyone’s building with AI in the cloud.

Few are thinking about how to actually secure it.

#NetworkChuck just dropped a video with Wiz, showing how they’re finding hidden AI risks—“shadow AI”—before attackers do. It’s a smart look at where cloud security is headed next.

Worth a watch →

Last week in cyber was wild.

🔒 Malware hiding in VMs
🤖 AI chats leaking through encrypted traffic
📱 Spyware on flagship Androids
💣 Logic bombs set to go off years later
🕵️‍♂️ Fake AI bots, deepfakes, and more...

You can’t afford to miss this recap: https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html

77% of employees paste sensitive data into GenAI tools.
Most use personal accounts, so IT can’t see it.

It’s all happening in the browser — and old DLP tools miss it completely.

The browser just became the biggest data leak in the enterprise ↓ https://thehackernews.com/2025/11/new-browser-security-report-reveals.html

North Korea’s Konni group just pulled off something wild — they turned Google’s own Find Hub into a weapon.

By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks.

It all started with a fake “Stress Clear” app, signed with a real Chinese company’s certificate.

Full story ↓ https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html

🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1).

They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM.

Read ↓ https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html

Hackers aren’t after people anymore — they’re after bots.

API keys and tokens now run much of your SaaS, often with full access.

One stolen token let attackers break into hundreds of Salesforce accounts.

See how it happened ↓ https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html

A fake npm package was caught pretending to be GitHub’s real one.

~acitons/artifact (with the typo) tried to steal build tokens from GitHub repos.

It ran a postinstall noscript that sent secrets to a fake GitHub site.

Full story ↓ https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html

🚨 🚨 New Android RAT — “Fantasy Hub” — is on sale on Russian Telegram: $200/week or $4,500/year.

It turns any app into spyware, pretends to be a Play update, hijacks SMS to steal 2FA, and streams camera/mic in real time via WebRTC.

Novices can buy and run it. If you use BYOD or mobile banking, read more ↓ https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html

AI-driven supply chain attacks jumped 156% last year.

This new malware rewrites itself, looks like real code, and waits weeks before hitting. Most security tools can’t spot it.

See what CISOs are doing to fight back ↓ https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html

🚨 GootLoader is back — and smarter.

Huntress found 3 new cases since Oct 27. In 2 of them, attackers took full control in under 17 hours.

Now it hides fake PDFs using special web fonts so the files look safe. ZIPs fool scanners but open real malware on Windows.

Details ↓ https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html

A new malware called Maverick is spreading through WhatsApp Web.

It can copy your Chrome data to skip QR logins, turn off Defender, and message your contacts from your account.

Full story ↓ https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html

🔥 Google just launched Private AI Compute — a new cloud system that runs AI without letting Google see your data.

It keeps Gemini models inside secure, encrypted hardware to protect privacy.

Auditors did find small flaws that could, in rare cases, expose users — but Google says fixes are on the way.

Read more ↓ https://thehackernews.com/2025/11/google-launches-private-ai-compute.html

🤖 82% of companies use AI agents.
🔐 53% let them access sensitive data every day.
⚠️ Most don’t know who owns or controls them.

One forgotten agent can leak everything.

How to stop it → https://thehackernews.com/expert-insights/2025/11/governing-ai-agents-from-enterprise.html

🚨 Microsoft just fixed a Windows flaw hackers are already exploiting in the wild.

The kernel bug (CVE-2025-62215) lets anyone with local access gain full control — and it’s being linked with other attacks for complete takeover.

Install the latest patches now ↓ https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html