Unknown threat actors have begun disseminating a counterfeit version of the SonicWall application, designed to steal credentials used to access VPNs. The campaign was uncovered by experts at SonicWall and Microsoft, who detected attempts...
The post SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign appeared first on Penetration Testing Tools.
Hollowise is a Windows-based tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques. It allows for stealth execution of debuggers and code and network analizers by replacing the memory of a suspended process (e.g. calc.exe) with...
The post Hollowise: New Windows Tool Enables Stealthy Code Execution via Process Hollowing & PPID Spoofing appeared first on Penetration Testing Tools.
The Pakistani cyber-espionage group APT36, also known as Transparent Tribe, has launched a sophisticated new phishing campaign targeting personnel within India’s defense sector. Experts at CYFIRMA have uncovered that the threat actors are employing...
The post APT36 Unleashes Advanced Phishing Against Indian Defense Personnel: New Anti-Analysis Malware & NIC Impersonation appeared first on Penetration Testing Tools.
At the international Botconf conference held in May 2025 in Angers, France, experts from NICT CSRI unveiled the findings of their three-year investigation into the RapperBot malware. Their conclusions were alarming: this evolved variant...
The post RapperBot Unleashed: Sophisticated Mirai Variant Targets DVRs, Launches HTTPS DDoS Attacks appeared first on Penetration Testing Tools.
Experts at NeuralTrust have reported a newly identified and dangerous method of bypassing neural network safeguards, dubbed Echo Chamber. This technique enables bad actors to subtly coax large language models (LLMs)—such as ChatGPT and...
The post “Echo Chamber” Attack Uncovered: New Jailbreak Bypasses LLM Safeguards with Subtle Context Manipulation appeared first on Penetration Testing Tools.
The British Cyber Monitoring Centre (CMC) has released its first official assessment of the damage caused by recent cyberattacks that disrupted major retail chains across the country. According to estimates, total financial losses range...
The post UK Retail Cyberattacks Cost Up to £440M: Cyber Monitoring Centre Unveils First Damage Assessment appeared first on Penetration Testing Tools.
The United States has issued a warning regarding potential cyberattacks from pro-Iranian groups following a series of airstrikes on Iran’s nuclear facilities—strikes that have escalated into an armed conflict between Iran and Israel, which...
The post US Warns of Iranian Cyberattacks After Airstrikes: Truth Social Hit, Infrastructure at Risk appeared first on Penetration Testing Tools.
In May, Telegram launched what appeared to be a decisive strike against the shadowy Chinese-speaking underworld of cryptocurrency fraud by blocking its largest marketplaces—platforms rife with services for money laundering, the trade of stolen...
The post Crypto Black Markets Rebound: Telegram’s Purge Fails as Money Laundering Hubs Resurface appeared first on Penetration Testing Tools.
Users weary of pervasive surveillance and incessant advertising have long sought ways to reclaim a measure of control over their digital lives. Yet one must ask—what assurance exists that the latest privacy solution is...
The post Securonis Linux: The Ultimate Privacy OS That Routes All Your Traffic Through Tor by Default appeared first on Penetration Testing Tools.
A large-scale cyber-espionage campaign has been uncovered in Canada, reportedly orchestrated by a threat group known as Salt Typhoon, which authorities believe is linked to China. The operation was disclosed in a joint advisory...
The post Salt Typhoon Strikes Canada: China-Linked APT Breaches Telecom, Exploits Cisco Routers for Espionage appeared first on Penetration Testing Tools.
Trend Micro recently received a confidential report from a security researcher disclosing a critical vulnerability in WinRAR version 7.11 and earlier. This high-risk flaw allows threat actors to execute arbitrary code by crafting malicious...
The post WinRAR Flaw (CVE-2025-6218): Remote Code Execution via Directory Traversal, Patch Available! appeared first on Penetration Testing Tools.
As support for Windows 10 is scheduled to end on October 14, 2025, Microsoft has introduced a paid Extended Security Updates (ESU) program for individuals and organizations unable to transition to Windows 11. Through...
The post Windows 10 Endgame: Microsoft Launches Paid and Free ESU Options Before 2025 Deadline appeared first on Penetration Testing Tools.
UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched...
The post UUSEC WAF: Free, Industrial-Grade Web Application Firewall with AI & Three-Layer Defense appeared first on Penetration Testing Tools.
One of the world’s leading cryptocurrency tracking platforms, CoinMarketCap, has fallen victim to a sophisticated cyberattack. Visitors to the site were unexpectedly confronted with intrusive Web3 pop-ups, seemingly inviting them to connect their wallets....
The post CoinMarketCap Hacked: “Doodle” Graphic Delivers Wallet Drainer, $43K+ Stolen appeared first on Penetration Testing Tools.
Your personal photographs are increasingly becoming the target of malicious actors. Smartphones have long since evolved from mere communication tools into vast repositories of intimate data—ranging from vacation plans and cherished family photos to...
The post SparkKitty Unleashed: New Mobile Spyware Steals Crypto Seed Phrases from Your Photos appeared first on Penetration Testing Tools.
The OpenVPN team has issued a warning regarding a vulnerability found in the Windows driver of its VPN client, which could allow malicious actors to crash the system. Catalogued as CVE-2025-50054, the flaw was...
The post OpenVPN Flaw (CVE-2025-50054) Allows Local Users to Crash Windows Systems appeared first on Penetration Testing Tools.
The cybercriminal syndicate Qilin, known for its Ransomware-as-a-Service (RaaS) operations, has introduced a new tactic aimed at intensifying pressure on victims—its affiliates can now request legal assistance directly through the group’s internal control panel....
The post Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Ransoms appeared first on Penetration Testing Tools.
In May 2025, Cloudflare successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, which peaked at an unprecedented 7.3 terabits per second. The target was a major hosting provider protected by Magic Transit,...
The post Cloudflare Mitigates Record 7.3 Tbps DDoS Attack: Largest Ever Recorded appeared first on Penetration Testing Tools.
A critical vulnerability discovered in the WordPress visual theme “Motors” has enabled hackers to seize administrative privileges en masse, granting them full control over compromised websites. Identified as CVE-2025-4322, the flaw represents a privilege...
The post WordPress “Motors” Theme Critical Flaw (CVE-2025-4322, CVSS 9.8): Unauthenticated Account Takeover & Mass Exploitation Underway appeared first on Penetration Testing Tools.
A group of hackers orchestrated a meticulously planned campaign targeting Gmail users, successfully bypassing two-factor authentication and gaining unauthorized access to their accounts. The operation was aimed at prominent experts in international security and...
The post Russian APT UNC6293 Exploits Google App Passwords to Bypass 2FA, Hacks Prominent Critics appeared first on Penetration Testing Tools.
