Analysts at Huntress have detected active exploitation attempts targeting a newly discovered vulnerability in CentreStack and TrioFox products
The post Exploited Zero-Day: Critical Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI appeared first on Penetration Testing Tools.
Apple has significantly expanded its bug bounty program dedicated to strengthening the security of the iOS ecosystem. At
The post Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits appeared first on Penetration Testing Tools.
The ClayRat espionage campaign is evolving rapidly and increasingly targeting Android users. According to Zimperium, the malware is
The post ClayRat Spyware Campaign Targets Android Users via Fake Apps and Aggressive Self-Propagation appeared first on Penetration Testing Tools.
Attackers have begun abusing the DFIR tool Velociraptor to stage ransomware deployments of LockBit and Babuk. Cisco Talos
The post Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks appeared first on Penetration Testing Tools.
According to a new report from Microsoft Threat Intelligence, the financially motivated group Storm-2657 is conducting large-scale attacks
The post Storm-2657 Hackers Steal University Salaries by Hijacking Workday HR Accounts appeared first on Penetration Testing Tools.
Researchers at FireTail have discovered the resurrection of an old-class flaw — ASCII Smuggling — now resurfacing in
The post ASCII Smuggling Attack Bypasses Filters, Forcing Gemini to Obey Invisible Commands from Calendar Invites appeared first on Penetration Testing Tools.
Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files.
The post Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files appeared first on Penetration Testing Tools.
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed
The post GitHub Copilot Zero-Click CamoLeak Exposed: CVE-2025-59145 (CVSS 9.6) Allowed Silent Data Theft from Private Repos appeared first on Penetration Testing Tools.
Wiz researchers have recently disclosed a critical vulnerability in Redis affecting version 8.2.1 and earlier releases. Tracked as
The post Critical Redis Lua Flaw (CVE-2025-49844) Rated CVSS 10.0 Allows Remote Code Execution appeared first on Penetration Testing Tools.
Researchers have identified a large-scale wave of attacks orchestrated by the RondoDox botnet, which employs the so-called “exploit
The post RondoDox Botnet Firing ‘Exploit Shotgun’: Targets 56 Vulnerabilities Across 30+ Router and IoT Vendors appeared first on Penetration Testing Tools.
Forescout specialists recorded a targeted intrusion in September against a honeypot simulating the control system of a water-treatment
The post Hacktivist Group TwoNet Exposed: Fabricated Water Utility Attack After Breaching OT Honeypot with Default Credentials appeared first on Penetration Testing Tools.
A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by
The post OpenSSH ProxyCommand Flaw CVE-2025-61984 Bypasses Filters, Allowing RCE via Crafted Usernames appeared first on Penetration Testing Tools.
On October 14, 2025, official support for Windows 10—the operating system released by Microsoft in 2015—will come to
The post Windows 10 End-of-Life is October 14: Microsoft Pushes Windows 11 Upgrade or Paid ESU appeared first on Penetration Testing Tools.
msLDAPDump LDAP enumeration tool implemented in Python3 msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the
The post msLDAPDump: LDAP enumeration tool appeared first on Penetration Testing Tools.
ReconAIzer ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters
The post ReconAIzer: leverages OpenAI to help bug bounty hunters optimize their recon process appeared first on Penetration Testing Tools.
A new wave of phishing attacks has laid bare just how sophisticated social-engineering techniques have become. Researchers have
The post New Cache Smuggling Phishing Attack Delivers Malware via Browser Cache appeared first on Penetration Testing Tools.
The Microsoft Teams messenger, widely used for corporate communication, has increasingly become a convenient arena for cyberattacks. According
The post Microsoft Teams: New Report Exposes How APTs and Ransomware Groups Weaponize Collaboration Features to Breach Enterprises appeared first on Penetration Testing Tools.
In August 2025, researchers from Huntress observed a cyberattack involving the abuse of the legitimate server-monitoring tool Nezha,
The post China-Linked Hackers Weaponize Nezha Monitoring Tool and Log Poisoning to Deploy Gh0st RAT on 100+ Systems appeared first on Penetration Testing Tools.
The popular design tool Figma has faced a potential security threat due to a vulnerability in the Model
The post High-Severity Figma MCP Flaw CVE-2025-53967 Allows Remote Command Injection via Fallback Mechanism appeared first on Penetration Testing Tools.
The ClamAV 1.5.0 antivirus engine has been released, introducing one of the most significant updates in recent years
The post ClamAV 1.5.0 Released: Major Update Adds FIPS Mode Support and Switches Cache Hashing to SHA-256 appeared first on Penetration Testing Tools.
