Penetration Testing Tools - Metepreter.org

Millions of Linux-based systems across the globe have been exposed to serious risk due to a newly discovered critical vulnerability in the sudo utility—one that enables attackers to gain superuser privileges and seize full...

The post Critical Sudo Flaws (CVE-2025-32463, CVSS 9.3): Root Privilege Escalation Via –chroot & –host Options, PoC Available appeared first on Penetration Testing Tools.

Researchers at the University of North Carolina have developed a novel method for deceiving artificial intelligence systems tasked with image analysis. The technique, dubbed RisingAttacK, can effectively render objects invisible to AI, even when...

The post RisingAttacK: New Method Renders Objects “Invisible” to AI Image Analysis Systems appeared first on Penetration Testing Tools.

The French cybersecurity agency has announced a large-scale cyberattack targeting key sectors of the nation. Government institutions, telecommunications firms, media organizations, the financial sector, and transport entities were all placed in the crosshairs. The...

The post ANSSI Exposes “Houken”: China-Linked APT Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits appeared first on Penetration Testing Tools.

DreamWalkers Reflective shellcode loader inspired by MemoryModule and Donut, with advanced call stack spoofing and .NET support. Unlike traditional call stack spoofing, which often fails within reflectively loaded modules due to missing unwind metadata, DreamWalkers introduces a...

The post DreamWalkers: New Reflective Shellcode Loader Spoofs Call Stacks & Supports .NET for EDR Evasion appeared first on Penetration Testing Tools.

Corporate laptops and production servers typically have robust security monitoring in place to reduce risk and meet compliance requirements. However, CI/CD runners, which handle sensitive information like secrets for cloud environments and create production...

The post Harden-Runner: EDR for CI/CD Stops Supply Chain Attacks Cold appeared first on Penetration Testing Tools.

In recent weeks, the Fedora community has found itself at the heart of intense debate, sparked by two proposed changes that could significantly reshape the future of the distribution. Following the release of Fedora...

The post Fedora Delays 32-bit Support End: Community Outcry Saves Gaming & Legacy Apps appeared first on Penetration Testing Tools.

Despite the rapid advancements in chatbot technology, modern AI models still frequently err when asked to identify the official websites of well-known companies. According to researchers at Netcraft, these inaccuracies present fresh opportunities for...

The post AI Chatbots Are Leading Users to Phishing Sites: New Report Reveals Dangerous “AI Search Poisoning” Threat appeared first on Penetration Testing Tools.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding serious threats posed by the application TeleMessage TM SGNL, which had been promoted as a secure alternative to the Signal messenger....

The post CISA Warns: TeleMessage TM SGNL Actively Exploited for Data Leaks, Patch by July 22 appeared first on Penetration Testing Tools.

Experts have uncovered a large-scale fraudulent campaign involving thousands of counterfeit online stores masquerading as renowned global brands, all designed to steal customers’ payment information. The scheme has been active for several months. Cybercriminals...

The post Global E-commerce Fraud Ring Uncovered: Fake Apple, Nordstrom, Brooks Brothers Sites Steal Credit Cards appeared first on Penetration Testing Tools.

Cisco has remedied a critical vulnerability in its Unified Communications Manager (Unified CM), the enterprise telephony management system, which could have granted attackers complete control over affected devices due to a hardcoded superuser account...

The post Urgent Cisco ISE/ISE-PIC Alert: Critical RCE Flaw (CVSS 10.0) Allow Unauthenticated Root Access appeared first on Penetration Testing Tools.

A critical vulnerability has been discovered in the Android spyware app known as Catwatchful, resulting in a significant data breach that compromised the personal information of thousands of users—including the administrator of the service...

The post Catwatchful Spyware Hacked: Critical Flaw Exposes 62,000 User Logins & Victim Data appeared first on Penetration Testing Tools.

A major investigation into large-scale SMS fraud has concluded in London, culminating in the conviction of Chinese student Ruichen Xiong, who has been sentenced to over a year in prison for orchestrating an elaborate smishing...

The post Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing appeared first on Penetration Testing Tools.

A critical vulnerability has been discovered in the popular WordPress plugin Forminator, enabling unauthenticated attackers to arbitrarily delete files from a website. This flaw poses a significant threat, potentially allowing full compromise of targeted...

The post Forminator WordPress Plugin Flaw (CVE-2025-6463, CVSS 8.8): Unauthenticated Arbitrary File Deletion Leads to Site Takeover appeared first on Penetration Testing Tools.

Fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, parse manifests, and reverse engineer effortlessly. apktool-mcp-server is a MCP server for the Apk Tool that integrates...

The post apktool-mcp-server: Fully Automated MCP Server Analyzes APKs with LLMs Like Claude appeared first on Penetration Testing Tools.

A threat group linked to the Democratic People’s Republic of Korea (DPRK) is intensifying its attacks on companies operating in the Web3 and cryptocurrency sectors, deploying malware crafted in the Nim programming language. These...

The post NimDoor: North Korean APT Uses Nim-Based Malware for Stealthy Web3 & Crypto Attacks on macOS appeared first on Penetration Testing Tools.

Telephone-based fraud schemes masquerading as customer support from well-known brands are rapidly gaining traction among cybercriminals. According to researchers at Cisco Talos, attackers are increasingly employing a method known as TOAD (Telephone-Oriented Attack Delivery),...

The post TOAD Attacks Surge: Reverse Phishing Campaigns Trick Victims into Calling Scammers for RAT Delivery appeared first on Penetration Testing Tools.

Australian airline Qantas has suffered a significant cybersecurity incident after malicious actors gained access to a third-party platform containing customer data, the company announced on Monday evening. Qantas, the nation’s largest carrier—operating both domestic...

The post Qantas Data Breach: Up to 6 Million Customers’ Personal Info Exposed in Third-Party Contact Centre Attack appeared first on Penetration Testing Tools.

An international cryptocurrency fraud network has been dismantled in Spain, with more than 5,000 victims identified across the globe over the past several years. According to law enforcement estimates, the perpetrators managed to launder...

The post €460M Crypto Fraud Busted: Europol & Allies Arrest 5, Dismantle Global Money Laundering Ring appeared first on Penetration Testing Tools.

Google has found itself at the center of a major legal battle that culminated in a California jury ordering the tech giant to pay over $314 million to Android smartphone users in the state....

The post Google Hit with $314M Verdict: Jury Rules Android Secretly Used Cellular Data for Tracking appeared first on Penetration Testing Tools.

Anthropic has encountered a critical vulnerability in one of its AI-related projects. The flaw, identified as CVE-2025-49596, affects the Model Context Protocol (MCP) Inspector tool and has been assigned a CVSS severity score of...

The post Critical MCP Inspector Flaw (CVE-2025-49596, CVSS 9.4): Unauthenticated RCE Threatens AI Dev Machines via Browser appeared first on Penetration Testing Tools.