Researchers from University College London and the University of the Mediterranean in Reggio Calabria, Italy, have conducted the first large-scale investigation into privacy practices among generative AI assistants for web browsers, revealing that even...
The post AI Browser Assistants Secretly Harvest Your Data, Study Finds appeared first on Penetration Testing Tools.
Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged...
The post Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals appeared first on Penetration Testing Tools.
Google has announced that the protected KVM (pKVM) hypervisor, used within the Android Virtualization Framework, has become the world’s first software component for mass-market consumer electronics to achieve the SESIP Level 5 security certification....
The post Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics appeared first on Penetration Testing Tools.
Microsoft has alerted Windows 11 users to a new false notification that appears after installing the July 2025 preview update and subsequent 24H2 releases. The issue is linked to the CertificateServicesClient (CertEnroll) component and...
The post Microsoft Confirms Harmless Bug in Windows 11 Update That Generates Misleading Error Logs appeared first on Penetration Testing Tools.
Microsoft has released a new video interview with Pavan Davuluri, head of Windows, in which he outlined the company’s vision for the platform’s evolution and the transformative role artificial intelligence will play. When asked...
The post Ambient and Multi-modal”: Windows Head Outlines a Radical AI-Powered Future for the OS appeared first on Penetration Testing Tools.
Fortinet has disclosed a critical vulnerability in its FortiSIEM system, already accompanied by a working exploit circulating publicly. The flaw enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted system, making...
The post Critical FortiSIEM Flaw: Fortinet Urges Immediate Patching as Public Exploit Circulates appeared first on Penetration Testing Tools.
The Matrix Foundation, the organization behind the eponymous federated communication protocol, has announced the release of an unscheduled update addressing two high-severity vulnerabilities which, if successfully exploited, could have had critical consequences. According to...
The post High-Severity Flaws Found in Matrix Protocol, Posing Risk to Government Communications appeared first on Penetration Testing Tools.
Although passkeys are promoted as a passwordless, phishing-resistant, and inherently secure authentication method, Proofpoint researchers warn that such protection can be bypassed with relative ease. Under certain conditions, an attacker can force a user...
The post Passkeys Are Not Phishing-Proof: A New Attack Bypasses Passwordless Security appeared first on Penetration Testing Tools.
Whonix 17.4, a distribution purpose-built for uncompromising anonymity online, has been released. Based on Debian GNU/Linux, the system routes all network traffic exclusively through Tor, with its source code available under the GPLv3 license....
The post Whonix 17.4 Is Here: A New Era of Uncompromising Online Anonymity appeared first on Penetration Testing Tools.
Several years ago, Google engineers began developing the Address Space Isolation (ASI) mechanism for the Linux kernel, designed to shield systems from attacks exploiting speculative processor execution. The aim was to create a universal...
The post ASI is Back: Google Revives a Linux Kernel Defense Against CPU Attacks appeared first on Penetration Testing Tools.
Researchers have reported a sharp surge in credential-stuffing attempts targeting Fortinet devices with SSL VPN enabled. On August 3, 2025, GreyNoise detected a wave of suspicious traffic involving more than 780 distinct IP addresses....
The post A Storm on the Horizon: Fortinet SSL VPNs Hit by Credential-Stuffing Attacks appeared first on Penetration Testing Tools.
Microsoft has announced that in three months, devices running Windows 11 version 23H2 in the Home and Pro editions will cease to receive updates. Support for Enterprise and Education editions will continue until November...
The post Time to Update: Windows 11 23H2 Home and Pro Editions Are Losing Support Soon appeared first on Penetration Testing Tools.
Researchers at ETH Zurich have unveiled a novel attack against AMD’s SEV-SNP hardware isolation mechanism, enabling a hypervisor-level adversary to extract sensitive data from protected virtual machines. Dubbed Heracles, the attack demonstrates how to...
The post Heracles: New Attack Exploits AMD SEV-SNP to Steal Data from Protected VMs appeared first on Penetration Testing Tools.
The hacker groups ShinyHunters and Scattered Spider, once operating independently, now appear to have joined forces in a coordinated campaign to extort data from Salesforce’s corporate clients. As noted by ReliaQuest, ShinyHunters has undergone...
The post The Alliance of Chaos: How ShinyHunters and Scattered Spider Merged to Target Salesforce appeared first on Penetration Testing Tools.
Bitdefender researchers have identified a previously unknown cyber-espionage group, provisionally dubbed Curly COMrades. According to the report, the threat actors are focused on maintaining long-term, covert access to the infrastructure of Georgian governmental and...
The post Curly COMrades: The Stealthy Cyber-Espionage Group You Haven’t Heard Of appeared first on Penetration Testing Tools.
Authorities in Saint Paul, Minnesota, are still grappling with the aftermath of a cyberattack that crippled large portions of the city’s municipal operations. Responsibility for the incident has been claimed by the hacking group...
The post Saint Paul Cyberattack Disrupts City, Interlock Ransomware Group Claims 43GB Data Theft appeared first on Penetration Testing Tools.
U.S. authorities have disclosed the details of a July operation against the BlackSuit ransomware syndicate, a coordinated strike that dismantled the group’s infrastructure and seized its digital assets. On July 24, in an internationally...
The post Law Enforcement Dismantles BlackSuit Ransomware, Seizing Servers and $1M in Crypto appeared first on Penetration Testing Tools.
The North Korean cyber-espionage group Kimsuky has unexpectedly found itself in the role of victim after two hackers — identifying themselves as the “antithesis of Kimsuky’s values” — infiltrated its infrastructure and released stolen...
The post Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group appeared first on Penetration Testing Tools.
The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...
The post WinRAR Zero-Day (CVE-2025-8088) Exploited by RomCom Hackers, ESET Warns appeared first on Penetration Testing Tools.
Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...
The post Critical Erlang/OTP Flaw (CVE-2025-32433) Actively Exploited, Poses Major Threat to Industrial Networks appeared first on Penetration Testing Tools.
