Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....
The post New ‘Odyssey Stealer’ Malware Hijacks macOS, Steals Crypto with ClickFix appeared first on Penetration Testing Tools.
At DEF CON 33, researchers from SafeBreach unveiled a new attack technique dubbed Win-DDoS, capable of transforming thousands of publicly accessible domain controllers (DCs) worldwide into a powerful botnet for large-scale DDoS attacks. The...
The post New ‘Win-DDoS’ Attack Turns Windows Servers Into a Global Botnet appeared first on Penetration Testing Tools.
Researchers at Eclypsium have uncovered critical vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams that allow them to be transformed into BadUSB-style attack devices. The issue, dubbed BadCam, was presented at...
The post Your Webcam Can Be a Hacker’s Weapon: New ‘BadCam’ Attack Hijacks Lenovo Devices appeared first on Penetration Testing Tools.
Linus Torvalds delivered a sharp rebuke to the initial batch of RISC-V patches proposed for inclusion in Linux 6.17, citing both their untimely submission and the presence of what he called “garbage” changes unrelated...
The post Linus Torvalds Rejects ‘Garbage’ RISC-V Code, Delays It for Linux 6.17 appeared first on Penetration Testing Tools.
After more than two years of development, the Debian Project has unveiled a new stable release of its operating system—Debian 13, codenamed trixie. It will receive updates and security fixes for five years, thanks...
The post Debian 13 ‘trixie’ Is Here: What’s New in the Universal Operating System appeared first on Penetration Testing Tools.
In 2024, Americans over the age of 60 lost an astronomical $700 million to online fraud—a record high in the entire history of monitoring by the U.S. Federal Trade Commission (FTC). The latest Consumer...
The post Record-Breaking Fraud: Older Americans Lost $700 Million to Scams in 2024 appeared first on Penetration Testing Tools.
After Grok-4 was compromised in just two days, GPT-5 fell within a mere 24 hours to the same group of researchers. Almost simultaneously, the SPLX testing team (formerly SplxAI) declared: “Out-of-the-box GPT-5 is practically...
The post GPT-5 Hacked in 24 Hours: Researchers Expose Critical Flaws in OpenAI’s New Model appeared first on Penetration Testing Tools.
A recently patched vulnerability in WinRAR, identified as CVE-2025-8088, was exploited in targeted phishing attacks even before a fix became available. The flaw, classified as a Directory Traversal vulnerability and addressed only in WinRAR...
The post Hackers Exploited a New WinRAR Flaw Before It Was Patched appeared first on Penetration Testing Tools.
Experts at Claroty have uncovered a series of critical vulnerabilities in Axis Communications’ video surveillance product line which, if successfully exploited, could grant an attacker complete control over the affected devices. At risk are...
The post Critical Flaws in Axis Video Surveillance Expose Corporate Networks to Takeover appeared first on Penetration Testing Tools.
The group behind the SocGholish malware has intensified its use of the Parrot TDS and Keitaro TDS traffic distribution systems to filter visitors and redirect them to malicious destinations. According to Silent Push, the...
The post SocGholish Malware Evolves, Using Traffic Distribution Systems to Target Victims appeared first on Penetration Testing Tools.
U.S. law enforcement has revealed details of an international operation that dismantled the core infrastructure of the BlackSuit ransomware gang, notorious for a series of devastating cyberattacks. Nearly two weeks ago, the group’s dark...
The post Dismantling a Ransomware Empire: Law Enforcement Takes Down BlackSuit appeared first on Penetration Testing Tools.
Microsoft, in coordination with federal agencies, has issued a warning about a newly discovered, high-severity vulnerability in hybrid Exchange Server deployments that could allow an attacker with existing access to an on-premises server to...
The post New Exchange Flaw Lets Hackers Take Over Your Cloud Environment appeared first on Penetration Testing Tools.
A researcher operating under the pseudonym dead1nfluence has discovered that the Internet Archive contains over 130,000 recorded conversations with popular chatbots — including Claude, Grok, ChatGPT, and others. This finding suggests that with improper...
The post Your Private Chats Aren’t Private: Over 130,000 Chatbot Conversations Exposed on the Internet Archive appeared first on Penetration Testing Tools.
Researchers at Google have unveiled an enhanced method for exploiting the Retbleed vulnerability — a flaw that enables the extraction of arbitrary data from the memory of any process on affected systems. This weakness...
The post Google Reveals a Far More Dangerous ‘Retbleed’ Exploit for AMD CPUs appeared first on Penetration Testing Tools.
A new tool for disabling EDR systems has emerged in the cybercriminal underground, which Sophos researchers regard as an evolution of the EDRKillShifter utility. Its use has already been documented in attacks by eight...
The post New EDR Killer Tool Allows Ransomware to Cripple Security Solutions appeared first on Penetration Testing Tools.
At the Black Hat conference in Las Vegas, representatives from VisionSpace Technologies demonstrated that disabling a satellite or altering its trajectory can be achieved far more easily — and at a fraction of the...
The post Hacking Satellites Is Easier Than Ever: Critical Flaws Found in Open-Source Space Software appeared first on Penetration Testing Tools.
Radio communications used by intelligence agencies, law enforcement, and military forces across dozens of countries have been found vulnerable to interception — and the flaw lies not only in outdated algorithms, but also in...
The post Broken by Design: Critical Flaws Found in TETRA Radio Encryption appeared first on Penetration Testing Tools.
AppShark Appshark is a static analysis tool for Android apps. Its goal is to analyze very large apps (Douyin currently has 1.5 million methods). Appshark supports the following features: JSON-based customized scanning rules to...
The post appshark: scan vulnerabilities in an Android app appeared first on Penetration Testing Tools.
Cybersecurity researchers have uncovered 11 malicious Go packages designed to download additional components from remote servers and execute them on both Windows and Linux systems. According to Socket researcher Olivia Brown, during execution the...
The post Supply Chain Alert: Malicious Go Packages Found Targeting Windows and Linux appeared first on Penetration Testing Tools.
Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and automated services using the WhatsApp Business API. Identified by researchers at Socket, these modules mimicked popular WhatsApp...
The post Your Code Is Not Safe: Malicious NPM Packages Are Deleting Files appeared first on Penetration Testing Tools.
