The Hacker News

🚨 Fluent Bit — deployed over 15 Billion times — just got hit with 5 critical CVEs. Attackers can exploit them to run code, rewrite or delete logs, and fake telemetry across AWS, GCP & Azure. Some of these bugs have been in Fluent Bit for over 8 years. More details ↓ https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html

🔥 New npm attack DETECTED! A campaign dubbed “Sha1-Hulud: The Second Coming” has compromised hundreds of packages and over 25,000 GitHub repos. The code runs during install, steals cloud logins, and if that fails, it deletes the user’s home folder. Read more ↓ https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html

⚡ Another week, another wave of exploits, leaks, and surprise fixes. What’s real, what’s risky, what’s next — it’s all in the Cybersecurity Recap 👉 https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html

🔴 Researchers say China’s DeepSeek-R1 AI writes weaker code when asked about topics like Tibet or Uyghurs. Coding mistakes go up by about 50%, even when the topic isn’t part of the task. This bias could be a new security risk. Full story ↓ https://thehackernews.com/2025/11/chinese-ai-model-deepseek-r1-generates.html

🚨 Hackers are using a fixed Windows bug (CVE-2025-59287) to spread ShadowPad malware through WSUS servers. They used normal Windows tools like curl and certutil to install it — a method seen before in Chinese hacking groups. Systems patched too late may have already been compromised. Full story ↓ https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html

🚨 China’s hacker group APT31 broke into Russia’s IT companies — and stayed hidden for almost two years. They used Yandex Cloud, OneDrive, and even social media to steal data without raising alarms. Some attacks ran on holidays when no one was watching. Details ↓ https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html

🚨 Hackers found a new way to phish — through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal, Netflix, or TikTok. No downloads. No malware file. Just one click — and your data’s theirs. Learn more ↓ https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html

🚨 CISA warns Oracle Identity Manager flaw (CVE-2025-61757) is under active attack. Hackers can run code without login by adding ?WSDL or ;.wadl to URLs — a tiny trick that opens locked systems. Exploited since August. Patch by Dec 12. Full details ↓ https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html

🚨 Grafana fixed a major security bug (CVSS 10.0) that could let attackers sign in as admin users. It affects Grafana Enterprise 12.0.0–12.2.1 if SCIM provisioning is turned on — a number like “1” could trick the system into giving admin access. Update now to stay safe. Read more ↓ https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html

🚨 Google just made Android and iPhone share files directly using Quick Share and AirDrop. It’s built in Rust for stronger security, and a small info leak found in testing is already fixed. Full details ↓ https://thehackernews.com/2025/11/google-adds-airdrop-compatibility-to.html

Every phone could be a way in for hackers. Samsung Galaxy devices check their security before they connect to your network. That means real Zero Trust—built into the device itself. Read ↓ https://thehackernews.com/2025/11/why-it-admins-choose-samsung-for-mobile.html

⚠️ A hacking group linked to China just pulled a big one. They used a marketing firm’s code to infect 1,000+ websites with a fake 🔔 Chrome update. Click it — and you get BADAUDIO, new malware made to spy for months. Full story ↓ https://thehackernews.com/2025/11/apt24-deploys-badaudio-in-years-long.html