Aggregator

A vulnerability classified as critical has been found in Apple tvOS. This affects an unknown function of the component Web Handler. Performing manipulation results in memory corruption. This vulnerability is identified as CVE-2024-54534. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple visionOS. This impacts an unknown function of the component Web Handler. Executing manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2024-54534. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in GStreamer up to 1.24.9. Affected by this vulnerability is the function qtdemux_parse_theora_extension of the file qtdemux.c. Such manipulation leads to integer overflow. This vulnerability is documented as CVE-2024-47606. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, was found in Citrix Session Recording and Virtual Apps and Desktops. Affected by this vulnerability is an unknown functionality. Such manipulation leads to deserialization. This vulnerability is traded as CVE-2024-8069. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in OpenText Enterprise Security Manager up to 7.8.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-3478. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Citrix Session Recording and Virtual Apps and Desktops and classified as critical. This vulnerability affects unknown code. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2024-8068. The attacker must have access to the local network to execute the attack. Moreover, an exploit is present. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.14.8. This affects the function algif_hash of the component crypto. Performing manipulation results in use after free. This vulnerability is reported as CVE-2025-38079. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

Openness has long been the defining distinction between Android and the iPhone, yet in recent years Google has steadily shifted the balance toward security. Now the company is preparing its most radical step yet...

The post Beyond Google Play: The End of Anonymous Sideloading Is Coming to Android appeared first on Penetration Testing Tools.

ESET found PromptLock, the first AI-driven ransomware, using OpenAI’s gpt-oss:20b via Ollama to generate and run malicious Lua scripts. In a series of messages published on X, ESET Research announced the discovery of the first known AI-powered ransomware, named PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to […]

On August 24, 2025, the world marked the 30th anniversary of Windows 95—Microsoft’s first truly mass-market 32-bit consumer operating system, a release that profoundly reshaped personal computing. In an era of limited home internet,...

The post The Operating System That Changed Everything: Windows 95 Turns 30 appeared first on Penetration Testing Tools.

The creator of the spyware TheTruthSpy—the Vietnamese company 1Byte Software, led by Vanh (Vardi) Tiu—has once again found itself at the center of a major scandal. Independent security researcher Swarang Veid has uncovered a...

The post Spyware Exposed: A Critical Unpatched Flaw in TheTruthSpy Puts Thousands at Risk appeared first on Penetration Testing Tools.

Google is warning of a new credential theft campaign targeting Salesforce customers via Salesloft Drift

A newly documented cache deception attack leverages mismatches in path normalization and delimiter handling between caching layers and origin servers to expose sensitive endpoints and steal authentication tokens. Researchers have demonstrated how subtle discrepancies in URL processing can trick a content delivery network (CDN) into caching protected resources—only for an attacker to retrieve them later, […]

The post New Cache Deception Attack Exploits Miscommunication Between Cache and Web Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Auchan retail chain has fallen victim to a cyber incident targeting its customer loyalty program. This time, attackers gained access to the personal data of clients registered in the Waaoh loyalty scheme. Information...

The post Auchan Suffers Another Data Breach, Exposing Customer Loyalty Data appeared first on Penetration Testing Tools.

小旺AI截图是一款适用于Windows和macOS的全功能截图录屏工具，支持OCR文字识别、翻译、解释等AI功能，并提供带壳截图、长截图、贴图等多种特色功能。软件小巧高效，内存占用低，值得尝试。

GreyNoise has observed a sharp and highly atypical surge in reconnaissance activity targeting Microsoft Remote Desktop Web Access and the RDP Web Client: 1,971 unique IP addresses were active simultaneously, whereas the company typically...

The post GreyNoise Detects Massive Surge in RDP Web Access Probing: Prelude to Password Attacks? appeared first on Penetration Testing Tools.

16 岁的 Adam Raine 自杀前曾花了几个月时间与 OpenAI 的聊天机器人 ChatGPT 讨论其自杀计划。他的父母 Matt 和 Maria Raine 本周提起诉讼，指控 ChatGPT 杀死了他们的孩子。这是首例与 AI 机器人相关的过失致死（wrongful death）案。AI 聊天机器人通常都设有安全保护功能，如果用户表达出自残或伤害他人的意图，安全功能会启用。然而 AI 聊天机器人的安全功能也很容易绕过，一种众所周知的方法是要求聊天机器人从创作或世界构建等的角度谈论了一个角色。在本案中，Adam Raine 就使用该方法一步步制定了自己的自杀计划。OpenAI 通过官方博客证实 ChatGPT 的安全保障措施存在局限性。

Бездействие стоило провайдерам связи лицензии. Регуляторы вынесли справедливый вердикт.

A new study by specialists at The Trail of Bits has revealed a previously unknown vulnerability in the Google Gemini ecosystem and its associated services, enabling the covert exfiltration of user data through images...

The post Invisible Prompts: A New Attack Uses Malicious Images to Hijack Gemini AI appeared first on Penetration Testing Tools.

The Government Accountability Project submitted a protected disclosure from Charles Borges—SSA’s Chief Data Officer—to the Office of Special Counsel and congressional oversight committees. Borges reports that since DOGE’s inception in January 2025, its officials have systematically circumvented SSA’s normal review procedures and a March 20, 2025 temporary restraining order forbidding external access to live Social […]

The post DOGE Allegedly Uploaded SSA’s Live Numident Database to Unsecured Cloud Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.