Researchers at Cymulate Research Labs have disclosed a new vulnerability in Windows that allows attackers to bypass Microsoft’s recent patch and once again exfiltrate NTLM hashes without any user interaction. The flaw, tracked as...
The post The Patch Isn’t a Fix: New Flaw Lets Attackers Steal NTLM Hashes from Windows appeared first on Penetration Testing Tools.
Microsoft has introduced a new mechanism known as Nested App Authentication (NAA), which is steadily becoming a key component of the company’s cloud ecosystem. The concept is straightforward: if a user has already signed...
The post Nested App Authentication: Microsoft’s New Feature Is a Double-Edged Sword for Azure Security appeared first on Penetration Testing Tools.
monkey365 Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365 but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead...
The post monkey365: conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews appeared first on Penetration Testing Tools.
SQLiDetector Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
The post SQLiDetector: detect SQL injection Error based appeared first on Penetration Testing Tools.
The APT-C-36 group (Blind Eagle) intensified its operations in May 2025, focusing attacks on Colombian government institutions and major corporations, as well as on organizations in other South American countries, including Ecuador, Chile, and...
The post Beyond Phishing: A Closer Look at Blind Eagle’s New, More Stealthy Attacks appeared first on Penetration Testing Tools.
The British company Stock in the Channel (STIC), which provides a digital platform for monitoring the availability and pricing of IT equipment, has reported a cyberattack that caused a large-scale disruption of its services....
The post Zero-Day Attack Takes Down Stock in the Channel, Disrupting IT Supply Chain appeared first on Penetration Testing Tools.
The first release of the Linux 6.17 kernel has arrived—yet it contains no updates related to the bcachefs file system. And the reason lies not in technical shortcomings. On August 10, Linus Torvalds announced...
The post The “Human Factor”: Why a Next-Gen Linux Filesystem Is on the Ropes appeared first on Penetration Testing Tools.
Several automated traffic enforcement cameras in the Netherlands were temporarily taken out of service following a July incident. As confirmed by the Dutch Openbaar Ministerie (OM)—the national public prosecutor’s office—the shutdown affected not only...
The post Dutch Traffic Cameras Go Dark After Major Cyberattack appeared first on Penetration Testing Tools.
U.S. authorities have once again imposed sanctions on the cryptocurrency exchange Garantex, accusing it of facilitating the laundering of more than $100 million in illicit funds and supporting the operations of ransomware groups. Founded...
The post Unmasking the New Sanctions: How a Crypto Exchange Evaded Authorities and Supported Ransomware appeared first on Penetration Testing Tools.
Zoom has patched a critical vulnerability in its Windows clients, while Xerox has issued fixes for severe flaws in its FreeFlow Core system. Both issues posed significant threats—ranging from privilege escalation to remote code...
The post Urgent Security Patches: Zoom and Xerox Address Critical Flaws appeared first on Penetration Testing Tools.
A new Android malware campaign has emerged, targeting banking customers in Brazil, India, and Southeast Asia, combining contactless fraud via NFC, call interception, and the exploitation of device vulnerabilities. Researchers at ThreatFabric have identified...
The post PhantomCard: The New Android Malware Using NFC to Steal Your Money appeared first on Penetration Testing Tools.
GooFuzz GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. GooFuzz performs fuzzing with an OSINT...
The post GooFuzz: enumerate directories, files, subdomains or parameters appeared first on Penetration Testing Tools.
Microsoft has released the seventh preview of .NET 10 (Preview 7), introducing updates to its runtime and frameworks. Among the most notable enhancements are a new wrapper that exposes WebSocket connections through a streaming...
The post .NET 10 (Preview 7): Microsoft Unveils WebSocket Streaming and Passkey Support appeared first on Penetration Testing Tools.
Ransomware operators and infostealers are adapting their tactics more swiftly than enterprises can recalibrate their defenses. Even substantial investments in ransomware resilience—primarily in backups and recovery—are increasingly failing to prevent tangible damage. According to...
The post The Quiet Threat: Why Ransomware and Infostealers Are Succeeding Where Encryption Fails appeared first on Penetration Testing Tools.
Japan has been struck by a new wave of cyberattacks involving CrossC2, a tool that extends the capabilities of Cobalt Strike to Linux and macOS platforms. According to the JPCERT/CC Coordination Center, these attacks...
The post Beyond Windows: How Attackers Are Using CrossC2 to Infiltrate Linux Networks appeared first on Penetration Testing Tools.
CrowdStrike has released its Global Threat Report 2025, documenting a profound shift in the behavior of both cybercriminals and state-sponsored groups. Analysts have described 2024 as “the year of the enterprising adversary”—threat actors are...
The post The AI-Powered Threat: Key Findings from the CrowdStrike Global Threat Report 2025 appeared first on Penetration Testing Tools.
Google has introduced a new requirement for developers of cryptocurrency exchange and wallet applications, mandating that they obtain official government licenses prior to publication. The company explains that this initiative is intended to foster...
The post Google’s New Crypto App Rules: A Game-Changer for a Safer Digital Ecosystem appeared first on Penetration Testing Tools.
Aced Aced is a tool to parse and resolve a single targeted Active Directory principal’s DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound...
The post aced: parse and resolve a single targeted Active Directory principal’s DACL appeared first on Penetration Testing Tools.
The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
The post A New Wave of EncryptHub Attacks: How a Microsoft Vulnerability and Social Engineering Collide appeared first on Penetration Testing Tools.
A newly discovered attack on the HTTP/2 protocol, dubbed MadeYouReset, has been unveiled by researchers from Tel Aviv University and disclosed following coordinated reporting through Akamai’s bug bounty program. Although Akamai’s own HTTP/2 implementation...
The post “MadeYouReset”: A New HTTP/2 DDoS Attack Bypasses Rapid Reset Defenses appeared first on Penetration Testing Tools.
