Cymulate Research Labs has uncovered a local privilege escalation vulnerability in Microsoft Windows Admin Center (WAC) version 2.4.2.1,
The post SYSTEM via WAC: How a Permissions Oversight in Windows Admin Center Leads to Full Host Compromise appeared first on Penetration Testing Tools.
Japanese company Internet Initiative Japan (IIJ) has reported observing a new variant of the malware known as Type
The post The Silent Listener: New DRBControl Backdoor Variant Uses Network Sniffing to Evade Detection appeared first on Penetration Testing Tools.
A security researcher has demonstrated how a “booby-trapped” e-book can turn an ordinary Kindle into a gateway to
The post The Trojan Book: How a Malicious E-book Can Hijack Your Entire Amazon Account appeared first on Penetration Testing Tools.
Researchers at Koi Security have identified a new malicious campaign dubbed GhostPoster, targeting users of the Firefox browser.
The post Hidden in Plain Sight: How the GhostPoster Campaign Injected Malware Into 50,000 Firefox Users appeared first on Penetration Testing Tools.
A covert threat has been uncovered within the .NET ecosystem, stemming from the substitution of a widely used
The post The Five-Year Sleeper: Malicious NuGet Package Poses as Tracer.Fody to Drain Crypto Wallets appeared first on Penetration Testing Tools.
Microsoft has announced plans to retire the legacy RC4 algorithm from Windows authentication. The company is preparing changes
The post Kill the Cipher: Microsoft to Disable RC4 Authentication by Mid-2026—Are You Ready? appeared first on Penetration Testing Tools.
By the end of 2025, the internet had become even more tightly bound to cloud infrastructure, mobile traffic,
The post Internet Rewired: Cloudflare 2025 Report Reveals a 19% Traffic Surge and the Rise of AI Bot Wars appeared first on Penetration Testing Tools.
A new wave of pressure targeting Israeli professionals linked to the defense sector has moved beyond conventional cyberattacks
The post Digital Crosshairs: Iran-Linked “Handala” Group Offers $30K Bounties for Israeli Engineers appeared first on Penetration Testing Tools.
In the run-up to the New Year holidays, underground marketplaces often see a surge of freshly minted data-stealing
The post Naughty List: SantaStealer Malware Unwrapped—The “New” Holiday Threat is Just Rebranded Code appeared first on Penetration Testing Tools.
The Danish government has opened a public consultation on amendments to copyright and broadcasting laws that would make
The post The VPN Stand-off: Denmark Backtracks on Controversial VPN Ban Amid Authoritarian Concerns appeared first on Penetration Testing Tools.
SpeechRuntimeMove Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement
The post Silent Pivot: Exploiting SpeechRuntimeMove for Stealthy Lateral Movement via DCOM appeared first on Penetration Testing Tools.
One of the key defensive barriers against the creation of fake online accounts has proven alarmingly fragile—capable of
The post Cheap Bots for Sale: Cambridge Study Reveals SMS Verification Bypassed for Just 8 Cents appeared first on Penetration Testing Tools.
Over a three-month observation period, Forescout researchers recorded more than 60 million malicious requests targeting devices positioned at
The post Perimeter Under Siege: 60 Million Attacks Target Industrial Edge Routers in 90-Day Surge appeared first on Penetration Testing Tools.
While monitoring digital threat activity, researchers at Seqrite Labs uncovered a new targeted campaign dubbed Operation MoneyMount-ISO. The
The post The Ghost in the Machine: Operation MoneyMount-ISO Uses Fake Payment Lures to Unleash Phantom Stealer appeared first on Penetration Testing Tools.
Within cybercriminal circles, the emergence of a new command-and-control framework known as Weyhro C2 has been observed. Its
The post Ransomware Groups Pivot: The Rise of Weyhro C2, a New Advanced Command-and-Control Platform appeared first on Penetration Testing Tools.
Since early August 2025, Zscaler researchers have been tracking the spread of a new phishing kit known as
The post MFA Under Siege: The Rise of BlackForce, the Sophisticated “Live” Phishing Kit Targeting 11+ Global Brands appeared first on Penetration Testing Tools.
Many of us have installed an app “just once”—simply to breeze through registration, dismiss pop-ups, and finally reach
The post Digital Diaries: Is Your Smart Sex Toy Collecting More Data Than You Realize? appeared first on Penetration Testing Tools.
Freedom Chat, an application marketed as a secure messaging platform, has been exposed to serious risk following the
The post Privacy Paradox: Freedom Chat Exposed User Phone Numbers and Secret PINs in Major Security Breach appeared first on Penetration Testing Tools.
PornHub has stated that it has become the target of extortion by the ShinyHunters group, which claims to
The post Intimacy for Ransom: ShinyHunters Extorts PornHub Over 200M Stolen Premium Search & Watch Records appeared first on Penetration Testing Tools.
Venezuela’s state-owned oil company PDVSA has reported a cyberattack on its systems, stressing that oil production and refining
The post Oil Exports Paralyzed: PDVSA Administrative Collapse Traps 11M Barrels After Ransomware Attack appeared first on Penetration Testing Tools.
