Aggregator

Submit #792945 / VDB-355515

Submit #792799 / VDB-250459

Submit #792798 / VDB-355506

A profound architectural frailty has been unearthed within a ubiquitous server management console, permitting an adversary to usurp

The post One Username to Rule Them All: The Persistent RCE Shadow Haunting Control Web Panel appeared first on Penetration Testing Tools.

A vulnerability marked as critical has been reported in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. This vulnerability appears as CVE-2026-5687. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5686. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-5685. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-5684. The attack requires access to the local network. Furthermore, an exploit is available.

A sophisticated evolution of the venerable Rowhammer assault has unexpectedly yielded ramifications far more profound than previously envisioned.

The post Sovereign Control: How “Multi-Layered” Rowhammer Flips Bits to Hijack NVIDIA GPUs appeared first on Penetration Testing Tools.

A vulnerability was found in Tenda CX12L 16.03.53.12. It has been rated as critical. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-5683. The attack must originate from the local network. Furthermore, there is an exploit available.

The recent incursion into the cryptocurrency sanctuary Drift, which culminated in the exfiltration of $285 million, has been

The post The Long Game: How North Korea’s UNC4736 Spent Six Months Infiltrating Drift for a $285M Payday appeared first on Penetration Testing Tools.

Submit #792785 / VDB-355514

Submit #792783 / VDB-355513

Submit #792782 / VDB-355512

Submit #792781 / VDB-355511

Submit #792777 / VDB-355510

The ubiquitous JavaScript library axios, a cornerstone utilized by millions of digital architectures, was transfigured for several hours

The post The 15-Second Takeover: How North Korea’s UNC1069 Hijacked Axios and 100 Million Users appeared first on Penetration Testing Tools.

Corporate firewalls have long been accustomed to relying upon the reputation of IP addresses; however, nascent analysis indicates

The post The Invisible Army: Why 78% of Residential Attackers Bypass Modern IP Reputation appeared first on Penetration Testing Tools.

Throughout the nearly four-year tenure of Lockdown Mode, not a single iPhone fortified by this defensive posture has

The post The Unbreakable Vault: Why Apple’s Lockdown Mode Has Never Been Cracked by State-Sponsored Spyware appeared first on Penetration Testing Tools.

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named "msimg32.dll,"