Aggregator

In 2025, Southeast Asia witnessed a pronounced escalation in cyber-espionage operations, meticulously cloaked in missives pertaining to regional

The post Dragon in the Archives: How “Amaranth-Dragon” Weaponized a WinRAR Zero-Day to Spy on Southeast Asia appeared first on Penetration Testing Tools.

You must login to view this content

The n8n workflow automation platform is once again embroiled in a significant security crisis. In a recently disseminated

The post Sandbox Shattered: New n8n Critical Flaw CVE-2026-25049 Exposes AI Workflows to Full Takeover appeared first on Penetration Testing Tools.

A critical vulnerability within the Teleport remote access framework has been unearthed and meticulously deconstructed, revealing a methodology

The post The Nested Forgery: How a Hidden Flaw in Teleport’s SSH Logic Grants Total Server Ingress appeared first on Penetration Testing Tools.

Adversaries are increasingly inaugurating their offensives not with conventional malware, but by subverting legitimate remote access credentials. A

The post The Forensic Backfire: How Hackers Weaponized a Legacy EnCase Driver to Decapitate Modern EDR appeared first on Penetration Testing Tools.

A critical use-after-free (UAF) vulnerability in the Linux kernel’s sch_cake queuing discipline (Qdisc) affects CentOS 9, allowing local users to gain root privileges. Security firm SSD Secure Disclosure published details on February 5, 2026, noting the flaw won first place in the Linux category at TyphoonPWN 2025. The issue arises in the cake_enqueue function of […]

The post New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released appeared first on Cyber Security News.

Security specialists at Silent Push have unearthed a pervasive wave of SystemBC infections, a malware strain that surreptitiously

The post The Silent Pivot: Global SystemBC Botnet Ensnares 10,000+ IPs, Including Government Portals appeared first on Penetration Testing Tools.

Security analysts at Datadog have unmasked an ongoing traffic interception campaign targeting NGINX servers and hosting management interfaces,

The post The Invisible Proxy: How Hackers Are Weaponizing NGINX and Baota Panels to Hijack Web Traffic appeared first on Penetration Testing Tools.

A critical subversion of the Windows application control mechanism has been unearthed, involving the exploitation of AppLocker configurations

The post Blinding the Watchmen: How “GhostLocker” Weaponizes Windows AppLocker to Paralyze EDR appeared first on Penetration Testing Tools.

In the clandestine digital underworld, a prominent purveyor of code-signing certificates has executed a high-profile disappearance. The Global

The post Shadows Vanish: The “Global Man” Exit Scam Leaves Malware Operators in the Dark appeared first on Penetration Testing Tools.