Aggregator
Submit #630201: itsourcecode Online Tour and Travel Management System V1.0 SQL injection [Accepted]
Submit #630200: itsourcecode Online Tour and Travel Management System V1.0 Unrestricted Upload [Accepted]
CVE-2025-38366 | Linux Kernel up to 6.15.4/6.16-rc3 LoongArch num_cpu privilege escalation (Nessus ID 251310 / WID-SEC-2025-1653)
An ordinary camera by your building entrance: you are in a lottery for a wrongful arrest. Guess where you will be detained
The need for speed: Why organizations are turning to rapid, trustworthy MDR
Python Supply Chain Risk: An Analysis of termncolor and colorinal
Australian ISP iiNet Suffers Breach of 280,000+ Records
Silver Fox Trojan Variants Hard to Defend Against? Tianqing's "Liuhe" Engine Scans and Kills in Memory by Default
New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users
A sophisticated new cyberthreat campaign has emerged that combines impersonation of trusted news sources with deceptive security verification prompts to trick users into executing malicious commands on their systems. According to a Reddit post, the ClickFix attack masquerades as legitimate BBC news content while employing fake Cloudflare verification screens to deliver malware. How the Attack Works The […]
The post New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users appeared first on Cyber Security News.
DOJ Seizes $2.8 Million in Crypto from Suspected Zeppelin Ransomware Operator
The U.S. Department of Justice has announced the seizure of more than $2.8 million in cryptocurrency from Yanis Alexandrovich Antroppenko, who stands accused of computer fraud and money laundering. Antroppenko is linked to the...
The post DOJ Seizes $2.8 Million in Crypto from Suspected Zeppelin Ransomware Operator appeared first on Penetration Testing Tools.
Leaked Source Code Exposes ERMAC 3.0: A Dangerous Trojan with Flawed Security
Researchers at Hunt.io have published an in-depth analysis of the Android banking trojan ERMAC 3.0, uncovering not only its enhanced capabilities but also severe flaws within its infrastructure. This iteration expands upon the functionality...
The post Leaked Source Code Exposes ERMAC 3.0: A Dangerous Trojan with Flawed Security appeared first on Penetration Testing Tools.
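Six Countries (US, Australia, Germany, Canada, Netherlands, New Zealand) Jointly Release Operational Technology (OT) Cybersecurity Guidance
US Pharmaceutical Giant Pays 287 Million Yuan in Compensation After Leaking Health Information of Over One Million Patients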
The State of Cybercrime: How C2 Servers Fuel the Global Threat
Experts at Censys have released their State of the Internet 2025 report, focusing on the infrastructure of cybercriminals—specifically Command-and-Control (C2) servers and other tools used to coordinate attacks and maintain access to compromised systems....
The post The State of Cybercrime: How C2 Servers Fuel the Global Threat appeared first on Penetration Testing Tools.
Beyond the Email: How New Mobile Phishing Scams Are Causing a “Ramp-and-Dump” Stock Frenzy
Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...
The post Beyond the Email: How New Mobile Phishing Scams Are Causing a “Ramp-and-Dump” Stock Frenzy appeared first on Penetration Testing Tools.
Telegram accounts are stolen more and more often, yet cost less. What happened to the shadow market
The King Is Dead, Long Live the King: A New Cybercrime Forum Rises from the Ashes of XSS
A former moderator of the dark web forum XSS, known by the alias Rehub, has launched his own platform under the name Rehubcom. This move coincides with the arrest of the XSS administrator in...
The post The King Is Dead, Long Live the King: A New Cybercrime Forum Rises from the Ashes of XSS appeared first on Penetration Testing Tools.
Beyond the Firewall: Inside UAT-7237, a Chinese APT Group Targeting Taiwan
The China-linked group UAT-7237 has become the subject of a new report from Cisco Talos. According to researchers, this team has been active since 2022, specializing in long-term persistence within victim infrastructure. In one...
The post Beyond the Firewall: Inside UAT-7237, a Chinese APT Group Targeting Taiwan appeared first on Penetration Testing Tools.
The Invisible Attack: Hidden Characters Can Make Gemini Models Implant Backdoors
Researchers have demonstrated that the latest Gemini models consistently interpret hidden Unicode Tag characters as executable instructions—rendering invisible text within the interface into direct commands for the AI. This flaw endangers all Gemini-based integrations,...
The post The Invisible Attack: Hidden Characters Can Make Gemini Models Implant Backdoors appeared first on Penetration Testing Tools.