Aggregator

分享一篇文章。

2025年9月18日，深瞳漏洞实验室监测到一则谷歌-Chrome组件存在类型混淆漏洞的信息，漏洞编号：CVE-2025-10585，漏洞威胁等级：高危。

Подробности нового распоряжения и как оно ударит по рынку ИИ.

The world’s leading artificial intelligence firms, OpenAI and Anthropic, have disclosed that over the past year they collaborated

The post Top AI Firms Expose Flaws in Models to Government Researchers appeared first on Penetration Testing Tools.

A newly discovered video injection tool for iOS devices that have been jailbroken poses a serious threat to modern digital identity verification. Developed to run on iOS 15 or later, this highly specialized toolkit can circumvent weak biometric checks and even exploit services lacking any biometric safeguards. Its emergence marks a troubling shift toward automated, […]

The post New iOS Video Injection Tool Bypasses Biometric Locks on Jailbroken iPhones appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of

The post Critical Flaw Discovered in TP-Link Routers appeared first on Penetration Testing Tools.

Remote Monitoring and Management tools such as ConnectWise ScreenConnect have earned a reputation for simplifying IT administration, but they have also drawn the attention of sophisticated attackers. By abusing ScreenConnect’s trusted installation footprint and deep system privileges, adversaries are now trojanizing installers to deploy dual Remote Access Trojans (RATs)—AsyncRAT and a custom PowerShell RAT—against U.S. […]

The post Weaponized ScreenConnect App Spreads AsyncRAT and PowerShell RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jaguar Land Rover has found itself mired in a protracted crisis following a recent cyberattack that crippled both

The post Jaguar Land Rover Cyberattack: Third Week of Disruption, £50M in Losses appeared first on Penetration Testing Tools.

Astra Security has launched its API Security Platform, designed to identify undocumented, zombie, and shadow APIs that threaten infrastructure and expose sensitive PII. Instead of relying on reactive, siloed detection tools, Astra’s platform delivers proactive, automated protection against attackers exploiting APIs to compromise systems. Most businesses lack API inventory, and developers rarely run active security tests on the APIs they build. Astra API Security Platform solves for both, providing visibility into APIs that a company … More →

The post Astra API Security Platform secures undocumented and vulnerable APIs appeared first on Help Net Security.

Experts from Zscaler ThreatLabz have uncovered two malicious packages in the PyPI repository that, upon installation and import,

The post New Python Trojan “SilentSync” Found on PyPI appeared first on Penetration Testing Tools.

An independent researcher named Andreas, author of the blog Anagogistis, has uncovered severe vulnerabilities in the Linux clients

The post PureVPN’s Linux Clients Expose IPv6 Addresses & Disable Firewalls appeared first on Penetration Testing Tools.

CISO 和安全领导者可能会因为一系列原本可以避免的错误，影响自己的职业发展。

Proofpoint has published an analysis detailing a series of targeted phishing campaigns attributed to a group linked to

The post TA415 Espionage: New Chinese Cyber Attacks Target U.S. Officials appeared first on Penetration Testing Tools.

A sophisticated phishing campaign has recently emerged, targeting Facebook users with carefully crafted emails designed to harvest login credentials. Attackers leverage the platform’s own external URL warning system to cloak malicious links, presenting URLs that appear legitimate while redirecting victims to counterfeit Facebook login pages. The initial lure arrives as an urgent security notification, warning […]

The post New Phishing Attack Targets Facebook Users to Steal Login Credentials appeared first on Cyber Security News.

Researchers from the Lat61 Threat Intelligence Team have published a comprehensive analysis of Raven Stealer, a lightweight, furtive

The post Raven Stealer: The New Infostealer Using Telegram to Steal Your Data appeared first on Penetration Testing Tools.

Researchers at Specops have updated their study on cracking passwords hashed with bcrypt. Two years earlier they published

The post New GPUs Make Hacking Passwords Easier. Is Yours Still Safe? appeared first on Penetration Testing Tools.

Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit

The post Microsoft Discovers macOS Flaw That Leaks Apple Intelligence Data appeared first on Penetration Testing Tools.

Krasnoyarsk Regional Airlines (KrasAvia) confirmed a sophisticated cyberattack that has rendered its primary online services inoperable.  The breach targeted the airline’s web portal and associated back-end systems, including the Passenger Service System (PSS) and flight planning applications.  As a result, passengers are currently unable to complete e-ticket purchases or check in online, prompting KrasAvia to […]

The post Russian Airline Suffered Cyberattack Website and Other Systems Affected appeared first on Cyber Security News.

Researchers at TyphoonPWN, participating in the TyphoonPWN 2025 contest, uncovered a critical flaw in LG WebOS firmware that

The post Critical Flaw Discovered in LG Smart TVs appeared first on Penetration Testing Tools.