RemoteMonologue is a Windows credential harvesting technique that enables remote user compromise by leveraging the Interactive User RunAs key and coercing NTLM authentications via DCOM. Features 🔹 Authentication Coercion via DCOM (-dcom) Targets three DCOM...
The post RemoteMonologue: New Windows Technique Weaponizes DCOM for NTLM Credential Harvesting appeared first on Penetration Testing Tools.
In a sweeping espionage campaign dubbed LapDogs, over a thousand small office and home office devices were compromised. Researchers from the STRIKE team at SecurityScorecard reported that the attack was linked to Chinese threat...
The post “LapDogs” Unmasked: China-Linked Actors Build Covert ORB Network on 1,000+ SOHO Devices for Espionage appeared first on Penetration Testing Tools.
The leading cybersecurity agencies in the United States—CISA and the NSA—have issued a joint report urging software developers to adopt so-called memory-safe programming languages. These are technologies inherently designed to protect against critical memory-related...
The post CISA, FBI, NSA Urge Software Industry: Adopt Memory-Safe Languages to Drastically Cut Vulnerabilities appeared first on Penetration Testing Tools.
On Friday evening, a surprising announcement introduced Tyr—a new graphics driver for the Linux kernel, written in Rust. Designed to support modern Arm Mali GPUs, the driver interfaces with the Direct Rendering Manager. Despite...
The post Linux Gains “Tyr”: New Rust-Written Graphics Driver for Arm Mali GPUs Unveiled appeared first on Penetration Testing Tools.
Microsoft has released the preview update KB5060829 for Windows 11 version 24H2, encompassing 38 technical enhancements, including refinements to the taskbar and a new tool for seamless data migration between devices. Classified as an...
The post Windows 11 24H2 Preview (KB5060829) Unveils Seamless PC Migration & Taskbar Improvements appeared first on Penetration Testing Tools.
For nearly a year, a hacker collective has been orchestrating a large-scale campaign targeting the financial sector across Africa. Experts from Unit 42 at Palo Alto Networks have sounded the alarm, tracking this operation...
The post African Financial Institutions Targeted: “CL-CRI-1014” IAB Uses Open-Source Tools & Forged Signatures for Covert Access appeared first on Penetration Testing Tools.
Researchers at Varonis Threat Labs have uncovered a new phishing campaign in which attackers exploit a little-known Microsoft 365 feature known as Direct Send. Originally intended for sending emails from internal devices such as...
The post Microsoft 365 “Direct Send” Abused: Phishing Campaign Spoofs Internal Users, Bypasses Security appeared first on Penetration Testing Tools.
Cisco has released critical security updates to address two severe vulnerabilities in its network security products. Both issues affect Cisco Identity Services Engine (ISE) and its associated component, the ISE Passive Identity Connector (ISE-PIC)....
The post Urgent Cisco ISE/ISE-PIC Alert: Two Critical RCE Flaws (CVSS 10.0) Allow Unauthenticated Root Access appeared first on Penetration Testing Tools.
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike...
The post ZigStrike: New Zig-Based Shellcode Loader Revolutionizes EDR Evasion with Advanced Injection Techniques appeared first on Penetration Testing Tools.
Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion of security software and bypasses application...
The post Loki: Node.js Command & Control for Script-Jacking Vulnerable Electron Applications appeared first on Penetration Testing Tools.
Hackers have begun actively exploiting a critical vulnerability that grants them full control over thousands of servers, including those performing vital functions in data centers. This alarming development has prompted a warning from the...
The post CISA Warns: Critical AMI MegaRAC Firmware Flaw (CVE-2024-54085, CVSS 10.0) Actively Exploited for Server Takeover appeared first on Penetration Testing Tools.
Microsoft is preparing a significant overhaul of the infamous Blue Screen of Death (BSOD) in Windows. As part of the Windows Resiliency Initiative, the iconic blue error screen will be replaced by a new...
The post Windows 11 Retires Blue Screen of Death: New Black Crash Screen Focuses on Faster Diagnostics appeared first on Penetration Testing Tools.
A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation, which has been attributed to North Korean threat actors. The discovery was made by the cybersecurity firm...
The post North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs appeared first on Penetration Testing Tools.
A cybercriminal group has begun exploiting the popular ConnectWise ScreenConnect software to craft malware bearing a legitimate digital signature, thereby enabling the covert installation of remote access tools on victims’ devices. This alarming tactic...
The post EvilConwi Unmasked: Hackers Weaponize Signed ConnectWise ScreenConnect Installers for Malware Deployment appeared first on Penetration Testing Tools.
Cybercriminals have launched a large-scale campaign dubbed OneClik, targeting companies in the energy, oil, and gas sectors. The attack leverages Microsoft’s legitimate ClickOnce technology and a custom-designed backdoor known as RunnerBeacon, allowing threat actors...
The post “OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector appeared first on Penetration Testing Tools.
The French police have carried out a sweeping operation targeting the organizers of the infamous cybercriminal forum BreachForums, which in recent years had become a major hub for the trafficking of stolen data. According...
The post French Police Bust BreachForums Organizers: “ShinyHunters,” “IntelBroker” & Others Arrested in Major Cybercrime Crackdown appeared first on Penetration Testing Tools.
Citrix has issued a warning regarding a newly discovered critical vulnerability in its NetScaler appliances, which is already being actively exploited in the wild. Tracked as CVE-2025-6543, this flaw affects the widely deployed NetScaler...
The post Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited appeared first on Penetration Testing Tools.
A British citizen has been formally charged in the United States for orchestrating large-scale cyberattacks and trafficking in stolen confidential data, resulting in an estimated $25 million in damages. According to the U.S. Attorney’s...
The post Notorious Hacker “IntelBroker” (Kai West) Arrested & Charged in US: $25M Damages, Traced by Crypto appeared first on Penetration Testing Tools.
Unknown threat actors have begun disseminating a counterfeit version of the SonicWall application, designed to steal credentials used to access VPNs. The campaign was uncovered by experts at SonicWall and Microsoft, who detected attempts...
The post SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign appeared first on Penetration Testing Tools.
Hollowise is a Windows-based tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques. It allows for stealth execution of debuggers and code and network analizers by replacing the memory of a suspended process (e.g. calc.exe) with...
The post Hollowise: New Windows Tool Enables Stealthy Code Execution via Process Hollowing & PPID Spoofing appeared first on Penetration Testing Tools.
