TECHZONE™

Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the extension is "Safery: Ethereum Wallet," with the threat actor describing it as a "secure wallet for managing Ethereum cryptocurrency with flexible settings." It was uploaded to the Chrome Web Store on

When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html The Race for Every New CVE Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new announcement now triggers a global race

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown https://thehackernews.com/2025/11/operation-endgame-dismantles.html Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years," Endor Labs

 Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. "This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure –

[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you’re always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress? Join The Hacker News and Bitdefender for a free cybersecurity webinar to learn about a new approach called Dynamic Attack

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security https://thehackernews.com/2025/11/active-directory-under-siege-why.html Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making it the ultimate target. For attackers, it represents the holy grail: compromise Active

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy https://thehackernews.com/2025/11/google-launches-private-ai-compute.html Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to "unlock the full speed and power of Gemini cloud models for AI experiences, while ensuring your personal data stays private to you and is not accessible to anyone else, not

Why shadow AI could be your biggest security blind spot https://www.welivesecurity.com/en/business-security/shadow-ai-security-blind-spot/ From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications.

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection. "

CISO's Expert Guide To AI Supply Chain Attacks https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here.  TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned repositories. "We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish

Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The

Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. "Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs," the Genians