TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™ ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news
Post archive
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.
But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast
New Browser Security Report Reveals Emerging Threats for Enterprises
https://thehackernews.com/2025/11/new-browser-security-report-reveals.html
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low.
What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI
Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvests their credentials by deploying malware like PureRAT.
"The attacker's modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments," Sekoia said. "This campaign
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Visual Studio Code (VS Code) ecosystem.
The extensions in question, which are still available for download, are listed below -
ai-driven-dev.ai-driven-dev (3,402 downloads)
adhamu.history-in-sublime-merge (4,057
Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances.
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to
In memoriam: David Harley
https://www.welivesecurity.com/en/cybersecurity/in-memoriam-david-harley/
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
The who, where, and how of APT attacks in Q2 2025–Q3 2025
https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government
ESET APT Activity Report Q2 2025–Q3 2025
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.
According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and
Enterprise Credentials at Risk – Same Old, Same Old?
https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html
Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html
Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments.
The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded.
Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality. The extension was uploaded on
Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming
https://www.welivesecurity.com/en/scams/sharing-is-scaring-whatsapp-screen-sharing-scam/
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.
The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.
"InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link
Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.
"This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service
From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
https://thehackernews.com/2025/11/from-tabletop-to-turnkey-building-cyber.html
Introduction
Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement.
Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.
The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response
https://thehackernews.com/2025/11/bitdefender-named-representative-vendor.html
Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative
