Aggregator

ACRStealer, a notorious information-stealing malware, has once again come under the spotlight following a series of enhancements that have significantly improved its resilience against detection and analysis. Over the past year—particularly since the beginning...

The post ACRStealer’s Stealthy Evolution: New Variants Use Heaven’s Gate & Low-Level NTAPIs to Evade Detection appeared first on Penetration Testing Tools.

Hackers have ramped up their attacks on vulnerable Linux servers with exposed SSH access, deploying the SVF Botnet—a simple yet effective malicious framework designed for conducting DDoS attacks and cryptocurrency mining. This revelation comes...

The post SVF Botnet Strikes: New Linux DDoS Threat Leverages Discord for Covert Command and Control appeared first on Penetration Testing Tools.

Experts at SEQRITE Labs have uncovered a large-scale cyber-espionage campaign dubbed CargoTalon, specifically targeting personnel within a key enterprise of Russia’s aviation industry. The operation employs highly targeted phishing techniques, disguised as essential logistics...

The post CargoTalon: New Cyber-Espionage Campaign Targets Russian Aviation with Stealthy DLL Implants appeared first on Penetration Testing Tools.

Operation CargoTalon targets Russia’s aerospace and defense sectors with EAGLET malware, using TTN documents to exfiltrate data. SEQRITE Labs researchers uncovered a cyber-espionage campaign, dubbed Operation CargoTalon, targeting Russia’s aerospace and defense sectors, specifically Voronezh Aircraft Production Association (VASO), via malicious TTN documents. “Товарно-транспортная накладная” (TTN) is a “goods and transport invoice” or “consignment note” used […]

BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.

Researchers have uncovered a stealthy backdoor within WordPress, cunningly disguised as a system file within the mu-plugins directory—a special location designated for must-use plugins. This strategic placement enables threat actors to establish a persistent...

The post Stealthy WordPress Backdoor Found Hiding in Must-Use Mu-Plugins Directory for Persistent Access appeared first on Penetration Testing Tools.

In today’s mobile-first world, companies often struggle to bridge the gap between their websites and mobile apps. This is where web-to-app funnels come into play. These funnels are designed to guide users from a web touchpoint (such as an ad or landing page) into a mobile application, where deeper engagement and higher conversions often occur. […]

The post Web-to-App Funnels: Pros And Cons appeared first on Cyber Security News.

A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...]

Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of LG LNV5110R cameras are impacted by an unpatched authentication bypass vulnerability. The flaw, tracked as CVE-2025-7742 (CVSS score of 8.3), can allow attackers to gain admin […]

NASCAR warned that a cyberattack that began in March exposed Social Security numbers.

Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry.

Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.

International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit's origins, and the ongoing fight against evolving cyber threats.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adicionar_cor.php. The manipulation of the argument cor leads to cross site scripting. This vulnerability is known as CVE-2025-53929. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file adicionar_especie.php. The manipulation of the argument especie leads to cross site scripting. This vulnerability is handled as CVE-2025-53930. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA up to 3.4.4. This affects an unknown part of the file adicionar_raca.php. The manipulation of the argument raca leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-53931. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in LabRedesCefetRJ WeGIA up to 3.4.4. Affected is an unknown function of the file /controle/control.php. The manipulation of the argument cargo leads to sql injection. This vulnerability is traded as CVE-2025-53937. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in LabRedesCefetRJ WeGIA up to 3.4.4. Affected by this vulnerability is an unknown functionality of the file /dao/verificar_recursos_cargo.php of the component HTTP Request Handler. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-53938. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in LabRedesCefetRJ WeGIA up to 3.4.4. Affected by this issue is some unknown functionality of the file personalizacao_selecao.php. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-53935. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in LabRedesCefetRJ WeGIA up to 3.4.4. This affects an unknown part of the file personalizacao_selecao.php. The manipulation of the argument nome_car leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-53936. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.