China’s hackers used Anthropic’s AI to run cyber attacks — almost fully on its own.

They turned Claude into a self-running hacking tool that hit tech, finance, and government targets.

AI did about 90% of the work by itself.

Learn more ↓ https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html

Ransomware is breaking records again.

In Q3 2025, researchers found 85 active ransomware groups — more than ever before. Police took some down, but 14 new ones popped up right after.

Now LockBit 5.0 is back, and it could pull them all together again.

Read the full report → https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html

🛑 Iran’s APT42 hackers are now targeting defense officials and their families.

They send fake WhatsApp invites that install a PowerShell backdoor called TAMECAT using Cloudflare, Discord, and Telegram.

It’s active and still spreading.

Details here ↓ https://thehackernews.com/2025/11/iranian-hackers-launch-spearspecter-spy.html

🕵️‍♂️ How many AI assets are running in your organization right now?

If you can’t answer that, you’re not alone.

From hidden models in Jupyter notebooks to AI-powered features buried in SaaS tools, AI is spreading faster than most teams can track.

Join this live webinar to learn:

- How to discover and catalog AI assets you didn’t know existed
- Why AI inventory is the foundation for effective AI security and governance

👉 https://thn.news/building-ai-inventory

🚨 Major AI engines from Meta, Nvidia, Microsoft, and PyTorch were hit by the same critical bug.

It lets attackers run code on remote systems — all because of a reused unsafe pattern in ZeroMQ and Python pickle.

Some systems are still not fixed.

Read the full story ↓ https://thehackernews.com/2025/11/researchers-find-serious-ai-bugs.html

🚨 North Korean hackers have a new trick.

They’re hiding malware inside fake API keys on GitHub — using JSON Keeper and other legit tools to stay invisible.

The attack installs “BeaverTail” to steal data and drop a Python backdoor.

See how it works ↓ https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html

🔔 Update: Fortinet has assigned CVE-2025-64446 (CVSS 9.1) — a path traversal flaw letting attackers run admin commands via crafted HTTP/S requests.

CISA added it to KEV — deadline: Nov 21.

Exploited in the wild.

Patch now ⤵️ https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html

The U.S. just uncovered how North Korea used fake “remote IT jobs” to sneak millions past sanctions.

👤 5 Americans pleaded guilty
🏢 136 U.S. companies hit
💰 $2.2M sent to North Korea

Read the details ↓ https://thehackernews.com/2025/11/five-us-citizens-plead-guilty-to.html

🚨 A new botnet called RondoDox is attacking unpatched XWiki servers through a critical bug (CVE-2025-24893, score 9.8).

Hackers are using it to spread crypto miners and DDoS tools.

Learn more ↓ https://thehackernews.com/2025/11/rondodox-exploits-unpatched-xwiki.html

🚨 Big win for Android security.

Google says Rust cut memory bugs by 1000x — and made coding faster too.

Fewer crashes, fewer rollbacks, quicker reviews. Even an 8.1-rated bug in “unsafe” Rust couldn’t get through.

Learn more ↓ https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html

🚨 Hackers are using fake Chrome and Teams apps to spread a new virus. It’s called RONINGLOADER, and it installs a changed version of Gh0st RAT.

😬 It shuts down antivirus tools with real Windows drivers and hides inside regsvr32.exe.

Read the full story ↓ https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html

🚨 1 in 3 phishing attacks no longer come from email.

They’re sliding into LinkedIn DMs—impersonating execs, hijacking accounts, and stealing access to Microsoft & Google workspaces.

The worst part? Security teams can’t even see it happening.

Find out how it works ↓ https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html

🛡️ Missed the latest threats? Cyber moves fast — catch up faster.

⚡ Fortinet flaw exploited
🤖 China’s AI-driven ops
📉 PhaaS shutdown
💰 Fake crypto apps
📦 Supply chain abuse

🔗 All in one sharp recap: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html

⚡ Hackers are using fake reCAPTCHA pop-ups to install Amatera Stealer — malware that steals crypto, passwords, and messages.

It hides inside Windows files and skips computers with nothing valuable.

Full details ↓ https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html

🔴 Google confirms new Chrome zero-day under attack.

The flaw — CVE-2025-13223 — lets hackers run code through a crafted web page.

It’s the third V8 exploit this year, and it’s already being used in the wild.

Patch now ↓ https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html

🔥 Microsoft stopped the biggest DDoS attack ever seen in the cloud — 5.72 Tbps from over 500,000 hacked routers and cameras.

The attack came from an IoT botnet called AISURU.

The devices are still infected — and could strike again.

Read here → https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html

⚠️ Seven npm packages were caught hiding crypto scams.

They used a cloaking tool called Adspect to dodge detection — even blocking dev tools to stay invisible.

Learn more ↓ https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html

Dev teams often waste valuable time and effort sifting through vulnerabilities… just to determine if a container is safe.

ActiveState’s new Secure Container Image Catalog simplifies how teams find, compare, and pull secure containers.

The growing catalog, which offers free container images for languages like Python and Java, provides:

🔹 Real-time vulnerability insights and VEX advisories
🔹 Full SBOMs and component details for complete transparency
🔹 Reliable architecture and compatibility data
🔹 The ability to directly compare and pull secure images

Check out the catalog to simplify your container image selection: https://thn.news/state-images

🤖 Most cyberattacks don’t start with hackers — they start with machine accounts.

Non-human identities now outnumber people 50 to 1, and most orgs still can’t see or secure them.

A new approach called Identity Security Fabric fixes that.

Read how it works ↓ https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html

Iran’s UNC1549 hackers hit defense networks without even touching them.

They broke in through third-party Citrix and Azure accounts and dropped backdoors — TWOSTROKE and DEEPROOT — that can sit quiet for months.

They’re now active across the Middle East’s aerospace supply chain.

Read this latest report ↓ https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html

🏠 A U.S. real-estate giant was nearly hacked — through a fake Microsoft Teams chat.

Attackers used Tuoni, a free red-team tool from GitHub, to run hidden code straight in memory.
Even the noscript showed signs of AI-written code.

How ethical hacking tools are turning against us → https://thehackernews.com/2025/11/researchers-detail-tuoni-c2s-role-in.html