The 0patch team has reported that while analyzing CVE-2025-59230 in the Windows Remote Access Connection Manager (RasMan)—a flaw
The post Unpatched RasMan Zero-Day Allows Local System Takeover via DoS Crash and RPC Spoofing appeared first on Penetration Testing Tools.
The administration of U.S. President Donald Trump is preparing to enlist private companies in the conduct of offensive
The post US Draft Cyber Strategy Plans to Enlist Private Firms for Offensive Cyber Operations appeared first on Penetration Testing Tools.
A project called stillepost demonstrates an unusual technique that turns an ordinary Chromium-based browser into an application-layer proxy
The post Covert Channels: Stillepost Turns Chromium Browser into Stealth Application-Layer Proxy appeared first on Penetration Testing Tools.
Ghidra, the free reverse-engineering framework developed by the U.S. National Security Agency’s research arm, has reached version 12.0,
The post Ghidra 12.0 Released: Adds Concolic Execution and File System Mirroring for Reverse Engineering appeared first on Penetration Testing Tools.
Blocking EDRs traffic Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender
The post Blocking EDRs traffic: C-Based Tools That Block EDR Network Traffic via Windows Firewall and WFP appeared first on Penetration Testing Tools.
A scheme is gaining momentum worldwide in which doxers impersonate police officers and use so-called “emergency requests” to
The post Emergency Doxing: Scammers Impersonate Police to Steal Data from Apple, Charter, and Amazon appeared first on Penetration Testing Tools.
Kali Linux 2025.4 has been released—the final update of the year for the distribution relied upon by cybersecurity
The post Kali Linux 2025.4 Final Release: GNOME is Now Wayland Exclusive, New Pentesting Tools Added appeared first on Penetration Testing Tools.
A newly released open-source project has drawn the attention of the technical community for its attempt to circumvent
The post LazyHook: New Framework Uses Hardware Breakpoints to Bypass EDR Stealthily appeared first on Penetration Testing Tools.
The emergence of a new malicious tool within the React2Shell attack chain has become a notable development amid
The post Next-Gen Malware: EtherRAT Uses Ethereum Smart Contract for Stealth C2 appeared first on Penetration Testing Tools.
Researchers at Securonix have uncovered a multi-layered malware campaign designed to surreptitiously deploy the NetSupport RAT remote access
The post Fileless Evasion: Multi-Stage Campaign Deploys NetSupport RAT via Obfuscated HTA appeared first on Penetration Testing Tools.
Security researchers have disclosed a .NET vulnerability that could affect a wide range of enterprise products and lead
The post Unpatched .NET RCE Flaw Lets Attackers Write Files via SOAP—Microsoft Blames Developers appeared first on Penetration Testing Tools.
Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no
The post 700+ Instances Hacked: Gogs Zero-Day CVE-2025-8110 Under Active Exploitation appeared first on Penetration Testing Tools.
Cisco Talos has uncovered a new DeadLock ransomware campaign in which attackers exploit a vulnerable Baidu Antivirus driver
The post DeadLock Ransomware Uses BYOVD to Kill EDR and Erase Backups Stealthily appeared first on Penetration Testing Tools.
A previously obscure Linux backdoor known as GhostPenguin has emerged from the shadows thanks to automated threat hunting,
The post AI Hunters Expose GhostPenguin: A Stealthy Linux Backdoor Undetected for Months appeared first on Penetration Testing Tools.
The cybercriminal group GrayBravo, formerly known as TAG-150, continues to evolve at a rapid pace, demonstrating a high
The post CastleLoader PhaaS: GrayBravo Escalates Attacks on Logistics & Booking.com appeared first on Penetration Testing Tools.
GhostFrame is a newly emerged phishing tool that, in just three months, has already powered more than one
The post GhostFrame: The Invisible Phishing-as-a-Service That Powered Over a Million Attacks appeared first on Penetration Testing Tools.
SpearSpray is an advanced password spraying tool designed specifically for Active Directory environments. It combines user enumeration via LDAP
The post SpearSpray: The Stealthy Tool That Bypasses Lockout Policies in Active Directory appeared first on Penetration Testing Tools.
Google has released an unscheduled Chrome update to patch a zero-day vulnerability already being exploited in active attacks.
The post PATCH NOW: Google Issues Emergency Chrome Update for Actively Exploited Zero-Day appeared first on Penetration Testing Tools.
Microsoft has released its December security updates: Patch Tuesday brings fixes for 57 vulnerabilities, including three zero-days (one
The post PATCH NOW: Microsoft Fixes 57 Flaws, Including Three Zero-Days Actively Exploited appeared first on Penetration Testing Tools.
The investigation in Japan has detained two Chinese nationals suspected of orchestrating the largest known market-manipulation scheme involving
The post Japan’s Largest Scam: Chinese Duo Used Hijacked Accounts to Manipulate Stock Prices appeared first on Penetration Testing Tools.
