Arctic Wolf reports the first confirmed intrusions into customer networks in which attackers logged into FortiGate devices via
The post The SSO Trap: How a “Default” Feature is Granting Attackers Admin Access to FortiGate Devices appeared first on Penetration Testing Tools.
French law enforcement authorities have arrested a 22-year-old man suspected of orchestrating a recent cyberattack against the country’s
The post Retaliation Strike: 22-Year-Old Arrested After BreachForums Hacks French Ministry of Interior appeared first on Penetration Testing Tools.
Researchers at iVerify have identified a new Android remote access trojan dubbed Cellik, which blends the capabilities of
The post The Play Store Predator: New Cellik Spyware Can Trojanize Any App With One Click appeared first on Penetration Testing Tools.
The Kimwolf botnet has drawn intense scrutiny after researchers at QiAnXin XLab reported that it had infected more
The post Taming the Wolf: How the 1.8 Million-Strong Kimwolf Botnet Overtook Google Traffic appeared first on Penetration Testing Tools.
Since early December 2025, SOC teams in Japan have been observing a wave of attacks exploiting React2Shell (CVE-2025-55182)—a
The post Beyond the Shell: Critical React2Shell Exploit Hits Japan to Deploy Stealthy ZnDoor RAT appeared first on Penetration Testing Tools.
GroupPolicyBackdoor is a python utility for Group Policy Objects (GPOs) manipulation and exploitation. GPO attack vectors can very often
The post GPO Stealth: Turn Active Directory Into Your C2 With the New GroupPolicyBackdoor Framework appeared first on Penetration Testing Tools.
In October 2025, experts at Kaspersky Lab uncovered a new wave of targeted attacks attributed to the ForumTroll
The post The Plagiarism Trap: How ForumTroll APT is Holding Academic Careers Hostage to Deploy Spyware appeared first on Penetration Testing Tools.
Researchers at Gen have reported a new WhatsApp account-takeover technique dubbed GhostPairing. The attack appears mundane and arouses
The post The Invisible Roommate: How the GhostPairing Scam Steals Your WhatsApp Without a Password appeared first on Penetration Testing Tools.
Researchers at Check Point Research have uncovered a large-scale espionage operation conducted by the Chinese APT group Ink
The post The Living Mesh: Ink Dragon Turns European Government Servers into a Global ShadowPad Relay Network appeared first on Penetration Testing Tools.
Cymulate Research Labs has uncovered a local privilege escalation vulnerability in Microsoft Windows Admin Center (WAC) version 2.4.2.1,
The post SYSTEM via WAC: How a Permissions Oversight in Windows Admin Center Leads to Full Host Compromise appeared first on Penetration Testing Tools.
Japanese company Internet Initiative Japan (IIJ) has reported observing a new variant of the malware known as Type
The post The Silent Listener: New DRBControl Backdoor Variant Uses Network Sniffing to Evade Detection appeared first on Penetration Testing Tools.
A security researcher has demonstrated how a “booby-trapped” e-book can turn an ordinary Kindle into a gateway to
The post The Trojan Book: How a Malicious E-book Can Hijack Your Entire Amazon Account appeared first on Penetration Testing Tools.
Researchers at Koi Security have identified a new malicious campaign dubbed GhostPoster, targeting users of the Firefox browser.
The post Hidden in Plain Sight: How the GhostPoster Campaign Injected Malware Into 50,000 Firefox Users appeared first on Penetration Testing Tools.
A covert threat has been uncovered within the .NET ecosystem, stemming from the substitution of a widely used
The post The Five-Year Sleeper: Malicious NuGet Package Poses as Tracer.Fody to Drain Crypto Wallets appeared first on Penetration Testing Tools.
Microsoft has announced plans to retire the legacy RC4 algorithm from Windows authentication. The company is preparing changes
The post Kill the Cipher: Microsoft to Disable RC4 Authentication by Mid-2026—Are You Ready? appeared first on Penetration Testing Tools.
By the end of 2025, the internet had become even more tightly bound to cloud infrastructure, mobile traffic,
The post Internet Rewired: Cloudflare 2025 Report Reveals a 19% Traffic Surge and the Rise of AI Bot Wars appeared first on Penetration Testing Tools.
A new wave of pressure targeting Israeli professionals linked to the defense sector has moved beyond conventional cyberattacks
The post Digital Crosshairs: Iran-Linked “Handala” Group Offers $30K Bounties for Israeli Engineers appeared first on Penetration Testing Tools.
In the run-up to the New Year holidays, underground marketplaces often see a surge of freshly minted data-stealing
The post Naughty List: SantaStealer Malware Unwrapped—The “New” Holiday Threat is Just Rebranded Code appeared first on Penetration Testing Tools.
The Danish government has opened a public consultation on amendments to copyright and broadcasting laws that would make
The post The VPN Stand-off: Denmark Backtracks on Controversial VPN Ban Amid Authoritarian Concerns appeared first on Penetration Testing Tools.
SpeechRuntimeMove Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement
The post Silent Pivot: Exploiting SpeechRuntimeMove for Stealthy Lateral Movement via DCOM appeared first on Penetration Testing Tools.
