Researchers at VulnCheck have uncovered a new malicious campaign exploiting the CVE-2021-41773 vulnerability in Apache HTTP Server version 2.4.49. This flaw enables remote code execution by bypassing path traversal protections, allowing attackers to access...
The post New Linuxsys Cryptominer Campaign Exploits Apache HTTP Server & Other Critical Flaws appeared first on Penetration Testing Tools.
Cisco has issued an updated advisory regarding a critical vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. This flaw enables remote attackers to execute arbitrary code on the...
The post Critical Cisco ISE RCE (CVSS 10.0) Follows Active FortiWeb Exploits appeared first on Penetration Testing Tools.
SubHunterX is a powerful bug bounty automation framework designed to silently map attack surfaces and uncover critical vulnerabilities. By combining military-grade reconnaissance techniques with intelligent automation, SubHunterX gives security professionals the edge in identifying...
The post SubHunterX: The Automation Framework for Ultimate Bug Bounty Hunting appeared first on Penetration Testing Tools.
A newly discovered version of the SquidLoader malware has surfaced during a targeted attack on institutions in Hong Kong, sparking significant concern within the financial sector. Of particular alarm is its near-complete evasion of...
The post New SquidLoader Variant Unleashed: Stealthy Malware Hits Hong Kong Financial Sector Undetected appeared first on Penetration Testing Tools.
Microsoft has begun rolling out an update to the Copilot app for Windows, significantly enhancing its artificial intelligence capabilities through the introduction of the Desktop Share feature. With this update, Copilot can now “see”...
The post Microsoft Copilot Gets “Eyes”: New Desktop Share Feature Analyzes Your Screen in Real-Time appeared first on Penetration Testing Tools.
Attacks targeting outdated SonicWall SMA 100 devices have once again exposed the fragility of network perimeters often overlooked by conventional security systems. According to the Google Threat Intelligence Group (GTIG), a targeted campaign employing...
The post SonicWall SMA 100 Devices Under Persistent Attack: UNC6148 Deploys Stealthy OVERSTEP Rootkit appeared first on Penetration Testing Tools.
The latest iteration of the Matanbuchus malware loader, designated version 3.0, has drawn particular scrutiny from cybersecurity experts due to its significant enhancements aimed at evading detection and bypassing modern defensive systems. Originally introduced...
The post Matanbuchus 3.0: The Evolved Malware-as-a-Service Evading Detection & Exploiting Microsoft Teams appeared first on Penetration Testing Tools.
A newly discovered vulnerability in Windows Server 2025—dubbed Golden dMSA—poses a grave risk of widespread compromise across entire Active Directory infrastructures, according to a technical report published by enterprise cybersecurity firm Semperis. The issue...
The post Golden dMSA: Critical Windows Server 2025 Flaw Allows Full Active Directory Takeover appeared first on Penetration Testing Tools.
A recent data breach has exposed a critical vulnerability in the systems of Paradox.ai, the developer behind AI-powered chatbots used in recruitment processes at McDonald’s and other Fortune 500 corporations. The cause of this...
The post Paradox.ai Data Breach: “123456” Password & Nexus Stealer Expose Fortune 500 Clients appeared first on Penetration Testing Tools.
lockc lockc is open source software for providing MAC (Mandatory Access Control) type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated...
The post lockc: Making containers more secure with eBPF and Linux Security Modules appeared first on Penetration Testing Tools.
During the Pwn2Own Berlin 2025 competition, security researcher Manfred Paul successfully demonstrated an attack against the Mozilla Firefox browser’s rendering process by exploiting a vulnerability in the IonMonkey JIT compiler. Although he did not...
The post Pwn2Own Berlin: Critical IonMonkey JIT Bug Exposes Firefox to Memory Corruption appeared first on Penetration Testing Tools.
Google has announced the successful discovery of a critical vulnerability in the widely used SQLite database engine—identified and neutralized before it could be exploited in real-world attacks. The flaw was uncovered by Big Sleep,...
The post Google’s Big Sleep AI Foils Zero-Day Exploit in SQLite Before Attackers Strike appeared first on Penetration Testing Tools.
Amid the accelerating tide of digital transformation, Windows Hello for Business (WHfB) continues to be championed by Microsoft as a modern, passwordless solution for enterprise authentication. Yet, beneath this progressive façade lies an architectural...
The post Windows Hello for Business Flaw: Biometric Bypass Exposes Enterprise Authentication appeared first on Penetration Testing Tools.
In an era defined by the rapid evolution of generative AI systems, the notion of security has transcended traditional vulnerabilities. A recent precedent demonstrated that remote code execution can be achieved without relying on...
The post Beyond Bugs: How Generative AI Ecosystems Can Be Hacked Without Exploits appeared first on Penetration Testing Tools.
Air Serbia has fallen victim to a cyberattack that has significantly disrupted the company’s internal operations. The digital crisis began in the early days of July 2025 and persists to this day. One of...
The post Air Serbia Hit by Major Cyberattack: Internal Systems Disrupted, Active Directory Compromised appeared first on Penetration Testing Tools.
hoaxshell is a Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell, based on the following concept: This c2 concept (which could be implemented by...
The post hoaxshell: A Windows reverse shell payload generator and handler appeared first on Penetration Testing Tools.
Google has released an emergency update for its Chrome browser, addressing six security vulnerabilities—one of which is already being actively exploited in the wild. The flaws affect critical components related to Chrome’s graphics engine...
The post Emergency Chrome Update: Google Patches Actively Exploited Zero-Day Allowing Sandbox Escape appeared first on Penetration Testing Tools.
MITRE has unveiled a new cybersecurity framework titled AAD APT (Adversarial Actions in Digital Asset Payment Technologies), specifically designed to counter vulnerabilities within digital financial systems, including cryptocurrencies. This initiative extends the principles established...
The post MITRE Unveils AADAPT: A New Cybersecurity Framework to Combat Digital Asset Threats appeared first on Penetration Testing Tools.
In a recent analysis based on the examination of 10 million real-world compromised passwords, researchers at Specops have laid bare the ongoing vulnerability of corporate networks stemming from human error. The passwords were drawn...
The post The Password Crisis: 98.5% of Corporate Passwords Are Insecure, Leaving Networks Vulnerable appeared first on Penetration Testing Tools.
Meta has addressed a security vulnerability in its Meta AI chatbot that allowed users to access private prompts and AI-generated responses intended for other individuals. The issue was responsibly disclosed by security researcher Sandeep...
The post Meta AI Chatbot Exposed: Critical Flaw Leaked Private Prompts and Responses appeared first on Penetration Testing Tools.
