Aggregator

The wave of attacks targeting vulnerabilities in Microsoft SharePoint continues to escalate, reaching levels of sophistication and scale not witnessed since the mass infections orchestrated by LockBit. According to Microsoft, the breaches are attributed...

The post SharePoint Under Siege: China-Linked Storm-2603 Unleashes Warlock Ransomware After Zero-Day Exploitation appeared first on Penetration Testing Tools.

安全设备配齐，为啥还建“文件安全中心”

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

宇树科技创始人王兴兴表示很多代码文字都懒得写，不如告诉一个大模型；“廉价版 Model Y”车型内饰谍照，该车基于现款 Model Y 车型进行了较大精简。

当前环境出现异常状态，需完成验证后方可继续访问。

Researchers at CYFIRMA have issued a warning about a new wave of cyberattacks leveraging malicious Android applications disguised as legitimate banking clients. These apps are designed to steal user credentials, intercept messages, and execute...

The post New Android Banking Malware Targets Indian Banks: Steals Credentials, Intercepts OTPs via Fake Apps appeared first on Penetration Testing Tools.

Security is a central challenge in modern application development and maintenance, requiring not just traditional practices but also a deep understanding of application architecture and data flow. While organizations now have access to rich data like logs and telemetry, the real challenge lies in translating this information into actionable insights. This article explores how leveraging those insights can help detect genuine security incidents and prevent their recurrence.

Invision Community 4.7.20 - (calendar/view.php) SQL Injection

XWiki 14 - SQL Injection via getdeleteddocuments.vm

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Linux PAM Environment - Variable Injection Local Privilege Escalation

Adobe ColdFusion 2023.6 - Remote File Read

Xlight FTP 1.1 - Denial Of Service (DOS)

We examine the past tactics used by UNC3886 to gain insight on how to best strengthen defenses against the ongoing and emerging threats of this APT group.

围绕“纵深防御+白环境”，构建安全可靠的网络安全结构。

ropr ropr is a blazing fast multithreaded ROP Gadget finder What is an ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which...

The post ropr: blazing fast multithreaded ROP Gadget finder appeared first on Penetration Testing Tools.

In the first half of 2025, researchers observed the active exploitation of a new malware loader known as CastleLoader. Since its emergence, this tool has become a central element in the distribution infrastructure for...

The post CastleLoader Unleashed: New Stealthy Malware Loader Leverages ClickFix & Fake GitHub for Widespread Infections appeared first on Penetration Testing Tools.