A newly disclosed vulnerability in the HTTP/2 protocol, dubbed MadeYouReset (CVE-2025-8671), was revealed on August 13, 2025. The
The post MadeYouReset: A New HTTP/2 Flaw That Could Lead to DoS Attacks appeared first on Penetration Testing Tools.
Anthropic has announced an expansion of regional restrictions governing access to its services. Previously, availability was curtailed in
The post Anthropic Blocks Foreign Subsidiaries to Prevent AI Misuse appeared first on Penetration Testing Tools.
A critical vulnerability has been identified in Apache Jackrabbit, exposing systems to remote code execution and the potential
The post Critical Apache Jackrabbit Flaw Could Lead to Corporate Compromise appeared first on Penetration Testing Tools.
In mid-August, researchers encountered a new ransomware strain, Cephalus, in two separate incidents. Following the recent emergence of
The post Cephalus: The New Ransomware Strain Using Legitimate Binaries to Attack appeared first on Penetration Testing Tools.
The Australian Institute of Criminology has unveiled a comprehensive study exposing the inner workings of ransomware syndicates and
The post Anatomy of a Ransomware Gang: How Short-Lived Criminal Groups Inflict Massive Damage appeared first on Penetration Testing Tools.
In recent months, specialists at Acronis TRU have observed a surge in attacks where adversaries deploy counterfeit installers
The post Hackers Are Using a Fake ScreenConnect to Deliver Multiple RATs appeared first on Penetration Testing Tools.
Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation, aiming to simplify,
The post Penelope: The Modern Shell Handler That’s Redefining RCE Exploitation appeared first on Penetration Testing Tools.
Two security researchers, operating under the pseudonyms BobDaHacker and BobTheShoplifter, have claimed to uncover “catastrophic” vulnerabilities in the
The post A “Catastrophic” Flaw in Burger King’s Parent Company Exposed appeared first on Penetration Testing Tools.
A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The
The post Critical SAP S/4HANA Flaw Exposes Systems to Full Compromise appeared first on Penetration Testing Tools.
On August 20, Apple released an unscheduled security update for all major platforms—iOS, iPadOS, macOS, and others. The
The post Apple Issues Urgent Patch for Zero-Click Image Flaw appeared first on Penetration Testing Tools.
PortSwigger researcher Gareth Hayes has unveiled a novel technique for stealing data directly from HTML attributes using inline
The post CSS Injection Can Now Steal Data with Just One Line of Code appeared first on Penetration Testing Tools.
Security researcher Matthew Bryant has introduced a new tool called Thermoptic—an HTTP proxy that disguises network requests as
The post Thermoptic: The New HTTP Proxy That Makes Your Traffic Vanish appeared first on Penetration Testing Tools.
The Seqrite Labs APT-Team has uncovered a new campaign targeting Kazakhstan’s energy sector. Tracked since April 2025, the
The post Anatomy of a Cyberattack: Inside the Campaign Against Kazakhstan’s Energy Sector appeared first on Penetration Testing Tools.
Andrew Ferguson, Chairman of the U.S. Federal Trade Commission (FTC), sent a letter to Google CEO Sundar Pichai
The post Why the FTC’s Accusations Against Gmail’s Spam Filter Are Misguided appeared first on Penetration Testing Tools.
Company X, formerly known as Twitter, has begun the phased rollout of a new encrypted messaging service called
The post XChat’s Encrypted Messages Are Not as Secure as They Seem appeared first on Penetration Testing Tools.
The GhostAction attack stands as one of the most significant compromises of the GitHub ecosystem in recent years.
The post GhostAction: The Supply Chain Attack That Stole 3,325 GitHub Secrets appeared first on Penetration Testing Tools.
At the end of August, Canadian fintech company Wealthsimple reported a security incident that affected a small fraction
The post Wealthsimple Confirms Data Breach, Cites Third-Party Vulnerability appeared first on Penetration Testing Tools.
Experts at eSentire have reported the discovery of a new botnet known as NightshadeC2, which employs unconventional techniques
The post NightshadeC2 Botnet Is Using “UAC Prompt Bombing” to Bypass Defenses appeared first on Penetration Testing Tools.
Havoc Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. Features Client Cross-platform UI
The post Havoc: modern and malleable post-exploitation command and control framework appeared first on Penetration Testing Tools.
The threat group TAG-150, which researchers associate with the development of the CastleLoader malware, has expanded its arsenal
The post CastleRAT: The New MaaS Threat Expanding the Cybercrime Toolkit appeared first on Penetration Testing Tools.
