Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no
The post 700+ Instances Hacked: Gogs Zero-Day CVE-2025-8110 Under Active Exploitation appeared first on Penetration Testing Tools.
Cisco Talos has uncovered a new DeadLock ransomware campaign in which attackers exploit a vulnerable Baidu Antivirus driver
The post DeadLock Ransomware Uses BYOVD to Kill EDR and Erase Backups Stealthily appeared first on Penetration Testing Tools.
A previously obscure Linux backdoor known as GhostPenguin has emerged from the shadows thanks to automated threat hunting,
The post AI Hunters Expose GhostPenguin: A Stealthy Linux Backdoor Undetected for Months appeared first on Penetration Testing Tools.
The cybercriminal group GrayBravo, formerly known as TAG-150, continues to evolve at a rapid pace, demonstrating a high
The post CastleLoader PhaaS: GrayBravo Escalates Attacks on Logistics & Booking.com appeared first on Penetration Testing Tools.
GhostFrame is a newly emerged phishing tool that, in just three months, has already powered more than one
The post GhostFrame: The Invisible Phishing-as-a-Service That Powered Over a Million Attacks appeared first on Penetration Testing Tools.
SpearSpray is an advanced password spraying tool designed specifically for Active Directory environments. It combines user enumeration via LDAP
The post SpearSpray: The Stealthy Tool That Bypasses Lockout Policies in Active Directory appeared first on Penetration Testing Tools.
Google has released an unscheduled Chrome update to patch a zero-day vulnerability already being exploited in active attacks.
The post PATCH NOW: Google Issues Emergency Chrome Update for Actively Exploited Zero-Day appeared first on Penetration Testing Tools.
Microsoft has released its December security updates: Patch Tuesday brings fixes for 57 vulnerabilities, including three zero-days (one
The post PATCH NOW: Microsoft Fixes 57 Flaws, Including Three Zero-Days Actively Exploited appeared first on Penetration Testing Tools.
The investigation in Japan has detained two Chinese nationals suspected of orchestrating the largest known market-manipulation scheme involving
The post Japan’s Largest Scam: Chinese Duo Used Hijacked Accounts to Manipulate Stock Prices appeared first on Penetration Testing Tools.
Experts at Doctor Web have identified a new click-fraud trojan, Trojan.ChimeraWire, which disguises itself as the activity of
The post ChimeraWire: The Click-Fraud Trojan Disguised as a Human User appeared first on Penetration Testing Tools.
The financially motivated group Storm-0249, long known as a broker of initial access for ransomware operators, has markedly
The post Invisible Ransomware: Storm-0249 Weaponizes SentinelOne EDR in Stealth Attacks appeared first on Penetration Testing Tools.
A newly discovered vulnerability in Node.js, designated CVE-2025-55182 and informally dubbed React2Shell, has become a favored weapon of
The post React2Shell Exploit: Botnets Target 150K+ Devices Daily with Node.js Flaw appeared first on Penetration Testing Tools.
The widow of Saudi dissident journalist Jamal Khashoggi has filed a complaint with the French prosecutor’s office, alleging
The post Khashoggi’s Widow Files French Complaint Over Pegasus Spyware Infection appeared first on Penetration Testing Tools.
The International Criminal Court has released a draft policy aimed at confronting crimes committed through digital technologies. The
The post Digital War Crimes: ICC Drafts Policy to Judge Cyber-Enabled Genocide and Aggression appeared first on Penetration Testing Tools.
DllShimmer Weaponize DLL hijacking easily. Backdoor any function in any DLL without disrupting normal process operation. How it
The post DllShimmer: The Stealth Tool for Weaponizing DLL Hijacking without Detection appeared first on Penetration Testing Tools.
DumpGuard is a credential dumping tool that can extract the NTLMv1 hashes of users on modern Windows systems.
The post DumpGuard Tool Bypasses Credential Guard to Steal NTLMv1 Hashes appeared first on Penetration Testing Tools.
Researchers from Howler Cell have detailed an underground marketplace for compromised websites operated by students and freelancers across
The post Student Sells Hacked Sites: Beima Web Shell Undetectable, Targets .Gov & .Edu appeared first on Penetration Testing Tools.
APT-C-53 has once again intensified its distribution of malicious attachments targeting organizations in Ukraine. The latest wave of
The post APT-C-53 Hits Ukraine: New Attack Exploits WinRAR Flaw for Persistence appeared first on Penetration Testing Tools.
The launch of the IPCola service on underground forums in 2023 initially appeared to be yet another proxy
The post The Proxy Ghost: IPCola’s Network Feeds on User Devices Covertly appeared first on Penetration Testing Tools.
On Monday, Warby Parker and Google announced that they are preparing to release AI-powered smart glasses, with the
The post Google & Warby Parker Partner on AI Smart Glasses to Launch in 2026 appeared first on Penetration Testing Tools.
