Aggregator

As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing

The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users into executing downloader scripts that initiate infection chains, often leading to malware deployment by affiliated […]

The post UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families distributed using QuirkyLoader include Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT,

为帮助所有白帽子在美团SRC测试过程中规避违规风险，保护平台和白帽子的安全和利益，确保平台漏洞奖励机制得以良性运作，美团安全应急响应中心发布《漏洞测试高压线V2.0》。

活动时间：2025年8月22日-9月5日

Orange Belgium revealed that a threat actor has compromised 850,000 customer accounts, with SIM card numbers among the data accessed

От миллиона до 18 миллионов: аудитория приложения взлетела за четыре месяца…

2025年Picus蓝皮书显示，密码破解攻击成功率显著上升至46%，反映出组织在密码策略和身份验证方面的重大漏洞。尽管意识到威胁，但弱密码、过时算法及缺乏多因素认证仍是主要问题。攻击者利用有效凭证轻松渗透系统，强调加强身份安全和凭证管理的迫切需求。

Apple has released critical security updates for iOS, iPadOS, and macOS addressing a newly discovered zero-day vulnerability already being actively exploited in the wild. Tracked as CVE-2025-43300, the flaw affects the ImageIO framework and...

The post Update Now: Apple Patches Critical Zero-Day Vulnerability Found in the Wild appeared first on Penetration Testing Tools.

Inotiv, a U.S.-based company headquartered in West Lafayette, Indiana, has disclosed a serious cybersecurity incident in a filing with the U.S. Securities and Exchange Commission. On August 8, 2025, the organization detected unauthorized access...

The post Inotiv Under Siege: Ransomware Attack Encrypts Biomedical Research Systems appeared first on Penetration Testing Tools.

生成式AI改变了企业对数据的使用方式，但也带来了敏感数据泄露的风险。传统安全方法已无法应对现代数据挑战。通过结合DSPM（数据安全态势管理）和DLP（数据丢失防护），企业可实时监控、分类和控制数据流动，形成闭环系统以应对AI时代的威胁。

The Australian telecommunications provider TPG Telecom has reported a serious security incident affecting the infrastructure of its subsidiary brand iiNet, which offers Australians fixed-line and mobile internet, telephony, and television services. An unidentified attacker...

The post TPG Telecom Data Breach: How One Hack Exposed 300,000 Customers appeared first on Penetration Testing Tools.

A vulnerability in the widely used AI deployment tool Ollama exposed users to the risk of drive-by attacks, enabling malicious actors to surreptitiously interfere with the local application through a specially crafted website. Exploitation...

The post Flawed AI Tool: How a Simple Website Could Have Hijacked Your Ollama App appeared first on Penetration Testing Tools.

关键词恶意软件近日，俄罗斯知名网络安全公司Doctor Web揭露了一起高度专业的间谍软件攻击事件。

关键词数据泄露近日，英国南约克郡警察局（SYP）因一起严重的数据管理事故遭到信息专员办公室（ICO）的公开谴责

关键词网络攻击美国司法部近日宣布，来自俄勒冈州尤金市的 22 岁居民 Ethan Foltz 因涉嫌运营大规模

Securing UK Hospitality SMBs and their supply chains in 2025 UK hospitality, including hotels, guesthouses, pubs, restaurants and their supply chains, thrives on reputation, efficiency, and trust. In 2025, data-driven bookings, contactless dining, and digital loyalty programmes accelerate gains, but also expose severe cyber risks. For small and medium-sized hospitality businesses, tight budgets, minimal IT […]

The post Securing UK Hospitality SMBs and their supply chains in 2025 appeared first on Clear Path Security Ltd.

The post Securing UK Hospitality SMBs and their supply chains in 2025 appeared first on Security Boulevard.

A hacker who targeted websites across North America, Yemen, and Israel, stealing the credentials of millions of users, has been sentenced to prison. 26-year-old Al-Taheri Al-Mashriki, from Rotherham, South Yorkshire, was arrested in August...

The post The Spider Team Hacker: How a UK Man Stole 4 Million Passwords appeared first on Penetration Testing Tools.