Aggregator

Researchers at Hunt.io have published an in-depth analysis of the Android banking trojan ERMAC 3.0, uncovering not only its enhanced capabilities but also severe flaws within its infrastructure. This iteration expands upon the functionality...

The post Leaked Source Code Exposes ERMAC 3.0: A Dangerous Trojan with Flawed Security appeared first on Penetration Testing Tools.

至少143万人敏感数据受影响

Experts at Censys have released their State of the Internet 2025 report, focusing on the infrastructure of cybercriminals—specifically Command-and-Control (C2) servers and other tools used to coordinate attacks and maintain access to compromised systems....

The post The State of Cybercrime: How C2 Servers Fuel the Global Threat appeared first on Penetration Testing Tools.

Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...

The post Beyond the Email: How New Mobile Phishing Scams Are Causing a “Ramp-and-Dump” Stock Frenzy appeared first on Penetration Testing Tools.

1,5 миллиона аккаунтов украдены всего за полгода.

A former moderator of the dark web forum XSS, known by the alias Rehub, has launched his own platform under the name Rehubcom. This move coincides with the arrest of the XSS administrator in...

The post The King Is Dead, Long Live the King: A New Cybercrime Forum Rises from the Ashes of XSS appeared first on Penetration Testing Tools.

The China-linked group UAT-7237 has become the subject of a new report from Cisco Talos. According to researchers, this team has been active since 2022, specializing in long-term persistence within victim infrastructure. In one...

The post Beyond the Firewall: Inside UAT-7237, a Chinese APT Group Targeting Taiwan appeared first on Penetration Testing Tools.

Researchers have demonstrated that the latest Gemini models consistently interpret hidden Unicode Tag characters as executable instructions—rendering invisible text within the interface into direct commands for the AI. This flaw endangers all Gemini-based integrations,...

The post The Invisible Attack: Hidden Characters Can Make Gemini Models Implant Backdoors appeared first on Penetration Testing Tools.

A recent reverse engineering analysis of a Lockbit ransomware variant targeting Linux-based ESXi servers has uncovered several sophisticated evasion techniques and operational details. The malware, first documented in 2022, employs the ptrace system call to detect debugging environments by attempting to attach to its parent process. If this fails typically due to an existing tracer […]

The post Lockbit Linux ESXi Ransomware Variant Reveals Evasion Techniques and File Encryption Process appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A team of researchers has unveiled a new framework, SNI5GECT, which exposes vulnerabilities in fifth-generation mobile networks at the very earliest stages of connection establishment. Unlike attacks that rely on counterfeit base stations—complex to...

The post SNI5GECT: A New Framework Exposes Major Vulnerabilities in 5G Networks appeared first on Penetration Testing Tools.

Allianz Life breach exposed data of most of its 1.4M customers; HIBP lists 1.1M impacted, though the insurer hasn’t confirmed exact figures. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its 1.4M customers and staff. Now, the data breach notification site Have I Been Pwned […]

A security researcher named Wayne has unveiled a new tool for Windows 11 that circumvents the PatchGuard protection mechanism in the system’s latest release (24H2). The project, called Kurasagi, has already been published on...

The post New Tool Bypasses Windows 11 PatchGuard, Opening a New Debate on Security appeared first on Penetration Testing Tools.

A vulnerability was found in Bouncy Castle for Java up to 2.1.0. It has been rated as problematic. Impacted is an unknown function of the component API Module. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-9092. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function user_mutex of the file net/rxrpc/recvmsg.c. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2025-38524. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this issue is the function ice_lag_is_switchdev_running. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38526. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function cifs_oplock_break of the component smb. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38527. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.1.147/6.6.100/6.12.38/6.15.6 and classified as critical. The impacted element is the function exit_mmap of the component amdkfd. The manipulation leads to deadlock. This vulnerability is listed as CVE-2025-38520. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.38/6.15.6. The affected element is the function alloc_tag_top_users. Executing manipulation can lead to improper initialization. This vulnerability is tracked as CVE-2025-38517. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

Researchers at Cymulate Research Labs have disclosed a new vulnerability in Windows that allows attackers to bypass Microsoft’s recent patch and once again exfiltrate NTLM hashes without any user interaction. The flaw, tracked as...

The post The Patch Isn’t a Fix: New Flaw Lets Attackers Steal NTLM Hashes from Windows appeared first on Penetration Testing Tools.