TECHZONE™

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist https://thehackernews.com/2025/11/qilin-ransomware-turns-south-korean-msp.html South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP)

When Your $2M Security Detection Fails: Can your SOC Save You? https://thehackernews.com/2025/11/when-your-2m-security-detection-fails.html Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC,

Influencers in the crosshairs: How cybercriminals are targeting content creators https://www.welivesecurity.com/en/social-media/influencers-crosshairs-cybercriminals-targeting-content-creators/ Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps https://thehackernews.com/2025/11/chrome-extension-caught-injecting.html Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot, was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools https://thehackernews.com/2025/11/webinar-learn-to-spot-risks-and-patch.html If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report. The activity has been attributed with medium-to-high

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more than $262

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising," Acronis said in a

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's browser, which can be used outside the perimeter of the compromised infrastructure to access

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information stealer known as StealC V2. "This ongoing operation, active for at least six months, involves implanting malicious .blend files on platforms like CGTrader," Morphisec researcher Shmuel Uzan said in a report shared with The Hacker News. "Users unknowingly

3 SOC Challenges You Need to Solve Before 2026 https://thehackernews.com/2025/11/3-soc-challenges-you-need-to-solve.html 2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft hyper-realistic social engineering campaigns. The Storm on the Horizon Global world instability, coupled with rapid technological advancement, will force security teams to adapt not just their

MDR is the answer – now, what’s the question? https://www.welivesecurity.com/en/business-security/mdr-answer-now-whats-question/ Why your business needs the best-of-breed combination of technology and human expertise

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app,

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions https://thehackernews.com/2025/11/new-fluent-bit-flaws-expose-cloud-to.html Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz. "The campaign introduces a new variant that executes malicious

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs https://thehackernews.com/2025/11/chinese-ai-model-deepseek-r1-generates.html New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source