A vulnerability in the widely used AI deployment tool Ollama exposed users to the risk of drive-by attacks, enabling malicious actors to surreptitiously interfere with the local application through a specially crafted website. Exploitation...
The post Flawed AI Tool: How a Simple Website Could Have Hijacked Your Ollama App appeared first on Penetration Testing Tools.
A hacker who targeted websites across North America, Yemen, and Israel, stealing the credentials of millions of users, has been sentenced to prison. 26-year-old Al-Taheri Al-Mashriki, from Rotherham, South Yorkshire, was arrested in August...
The post The Spider Team Hacker: How a UK Man Stole 4 Million Passwords appeared first on Penetration Testing Tools.
The United Kingdom has formally accused North Korea of stealing £17 million ($22.8 million) in cryptocurrency from Lykke, a London-registered exchange. The breach forced the platform to suspend operations, cease activity altogether, and ultimately...
The post North Korea’s Digital Heist: The £17M Crypto Theft That Brought Down an Exchange appeared first on Penetration Testing Tools.
The book From Day Zero to Zero Day, published by No Starch Press, has been released, offering a comprehensive introduction to the fundamentals of vulnerability research. The author presented it at DEF CON 33...
The post Beyond the Cookie Jar: Uncovering Privacy Flaws in Google’s New Ad Tech appeared first on Penetration Testing Tools.
Experts at Red Canary have uncovered an unusual campaign leveraging a newly identified strain of malware, DripDropper, specifically targeting cloud-based Linux servers. The attackers gained initial access through CVE-2023-46604 in Apache ActiveMQ, after which...
The post The DripDropper Paradox: Why Attackers Are Patching the Vulnerabilities They Exploit appeared first on Penetration Testing Tools.
The legendary hacker journal Phrack has turned forty, marking the occasion with its anniversary 72nd issue, published on August 19, 2025. Founded in the mid-1980s, this iconic publication is regarded as one of the...
The post Phrack at 40: The Legendary Hacker Zine Celebrates Four Decades of Security and Subversion appeared first on Penetration Testing Tools.
Cybercriminal groups are building entire infrastructures to propagate infostealers—malicious programs designed to steal passwords, payment card details, and other sensitive information from infected devices. Analysts describe what they call the “Stealer Ecosystem,” where the...
The post Inside the “Stealer Ecosystem”: How the Cybercrime Economy Professionalized Data Theft appeared first on Penetration Testing Tools.
SSTImap SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to...
The post SSTImap: About Automatic SSTI detection tool appeared first on Penetration Testing Tools.
exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your PATH. Use Analyze Image...
The post exifLooter: finds geolocation on all image urls and directories also integrates with OpenStreetMap appeared first on Penetration Testing Tools.
BloodHound Attack Research Kit BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on...
The post BARK: BloodHound Attack Research Kit appeared first on Penetration Testing Tools.
Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire...
The post AWSGoat: Damn Vulnerable AWS Infrastructure appeared first on Penetration Testing Tools.
The developers of the Python Package Index (PyPI) have announced the introduction of a new email domain verification mechanism aimed at curbing attacks that exploit expired domains and reducing the risk of package compromise....
The post PyPI Fights Back: New Security Feature Prevents Account Takeovers via Expired Domains appeared first on Penetration Testing Tools.
The Noodlophile malware campaign has entered a new phase, steadily expanding its reach across more countries. Morphisec researcher Shmuel Uzan has reported that attackers have shifted to using phishing emails disguised as copyright infringement...
The post Beyond the Inbox: How a New Phishing Campaign Leverages Copyright Claims to Deliver Noodlophile Malware appeared first on Penetration Testing Tools.
Google, Kairos Power, and the Tennessee Valley Authority (TVA), a federal energy corporation, have entered into an agreement to supply nuclear energy for data centers in the United States. The deal forms part of...
The post The AI-Nuclear Alliance: Google and TVA Partner to Power Data Centers with Next-Gen Reactors appeared first on Penetration Testing Tools.
On a well-known data leak forum, a post has surfaced advertising the sale of a database allegedly containing 15.8 million PayPal accounts, complete with email addresses and plaintext passwords. The seller claims the information...
The post A “15.8 Million” Account Leak? Hackers Claim New PayPal Data Dump, Company Denies Breach appeared first on Penetration Testing Tools.
Washington and London have at last managed to reach an accord on an issue that threatened to escalate into a serious diplomatic and technological conflict. U.S. Director of National Intelligence Tulsi Gabbard announced that...
The post UK Government Drops Demand for iCloud Backdoor appeared first on Penetration Testing Tools.
A serious incident was recently uncovered on Lenovo’s website involving its corporate chatbot, Lena, designed to assist customers. Cybernews researchers revealed that Lena was vulnerable to an XSS-based attack chain, enabling attackers—through nothing more...
The post A Single Prompt Is All It Takes: Lenovo Chatbot Vulnerability Exposes Customers and Staff appeared first on Penetration Testing Tools.
At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated...
The post Inside Kimsuky’s GitHub-Powered Cyber-Espionage Campaign appeared first on Penetration Testing Tools.
TikTok has found itself at the center of a new scandal following an investigation by 404 Media: through TikTok Shop, vast numbers of GPS trackers and covert audio devices are being sold, brazenly advertised...
The post TikTok Shop Is Selling GPS Trackers and Audio Recorders for Stalking Partners appeared first on Penetration Testing Tools.
The HexStrike AI repository has released HexStrike AI MCP Agents v6.0—a powerful framework for automating penetration tests. The system integrates more than 150 security tools and 12 autonomous AI agents operating through the FastMCP...
The post “Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously appeared first on Penetration Testing Tools.
