The NPM ecosystem has been struck by a new supply chain attack, this time targeting the Nx project, into whose repository several malicious package versions were uploaded late Tuesday evening. According to researchers at...
The post Supply Chain Attack on a Popular Dev Tool Is Stealing Crypto, Keys, and Tokens appeared first on Penetration Testing Tools.
Anthropic has published a report revealing how malicious actors are increasingly exploiting AI models for attacks and fraud, bypassing existing security measures. The document provides concrete examples showing that agent-based AI systems are no...
The post Criminals Are Weaponizing AI to Automate Cyberattacks at Scale appeared first on Penetration Testing Tools.
A cyberattack on the Swedish company Miljödata, a provider of software solutions for workforce management and occupational safety, has paralyzed operations across roughly 200 municipalities and regions in the country. The disruption affected systems...
The post Ransomware Attack on Swedish Provider Paralyzes 200 Municipalities appeared first on Penetration Testing Tools.
Generative AI is now assisting in selecting patches for backporting into the stable branches of Linux, including long-term support (LTS) releases. Sasha Levin, the LTS maintainer, recently advanced updates to kernel documentation regarding the...
The post AI Is Now a Linux Kernel Assistant, Helping Maintainers Backport Patches appeared first on Penetration Testing Tools.
Congressman David Schweikert (Republican, Arizona, District AZ-01) has introduced the Cybercrime Marque and Reprisal Authorization Act of 2025 (H.R. 4988) in the House of Representatives. The bill, registered on August 15, 2025, has been...
The post Cyber Privateers? A New Bill Revives a Historic Law to Fight Cybercrime appeared first on Penetration Testing Tools.
Sangoma has issued an urgent alert regarding an actively exploited zero-day vulnerability in FreePBX installations where the Administrator Control Panel (ACP) is exposed to the internet. FreePBX, an open-source IP-PBX built on Asterisk, is...
The post Sangoma Issues Warning: Zero-Day Vulnerability Actively Exploited in FreePBX appeared first on Penetration Testing Tools.
According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto...
The post How Storm-0501 is Pivoting to Cloud-Native Attacks appeared first on Penetration Testing Tools.
The U.S. National Security Agency, the U.K.’s National Cyber Security Centre, and partners from more than ten countries have attributed the global Salt Typhoon operations to three Chinese technology companies. Now, the FBI and...
The post NSA, CISA, & Partners Expose Chinese APT Groups appeared first on Penetration Testing Tools.
Octosuite Octosuite is an open-source lightweight yet advanced osint framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the gathered intelligence in a...
The post Octosuite: Advanced Github OSINT Framework appeared first on Penetration Testing Tools.
NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...
The post CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack appeared first on Penetration Testing Tools.
A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...
The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.
MathWorks, the developer of the widely used software MATLAB and SIMULINK, has disclosed a major ransomware attack that has impacted thousands of its users. The incident occurred in the spring of 2025, but its...
The post Ransomware Attack on MathWorks Exposes Data of Over 10,000 Users appeared first on Penetration Testing Tools.
Drift has disclosed details of a security incident involving its Salesforce integration. Between August 8 and August 18, 2025, an unknown actor exploited OAuth credentials to extract data from customer Salesforce instances. According to...
The post Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens appeared first on Penetration Testing Tools.
In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...
The post ShadowCaptcha: A New Malware Campaign Uses Fake CAPTCHAs to Steal Data appeared first on Penetration Testing Tools.
Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...
The post ZipLine: New Campaign Triggers Victims to Call Hackers appeared first on Penetration Testing Tools.
A cyberattack against the Israeli “kosher internet” provider Internet Rimon, which serves religious and ultra-Orthodox communities, disrupted its services on the evening of August 23. The Iranian group Promised Revenge has claimed responsibility. The...
The post Cyberattack on Israeli “Kosher Internet” Provider Disrupts Service appeared first on Penetration Testing Tools.
Nevada’s network of state institutions was left paralyzed following an incident that occurred in the early hours of August 24. As a result of the attack, the state’s IT infrastructure ceased functioning, forcing most...
The post Cyberattack Paralyzes Nevada, Forcing Government Offices to Close appeared first on Penetration Testing Tools.
Researchers have unveiled ONEFLIP, a groundbreaking attack technique that introduces a novel method of covertly modifying neural networks, marking a major advance in hardware-level threats against AI. Unlike traditional backdoors that rely on tampering...
The post ONEFLIP: A Single Bit Can Hijack an AI, Redefining Hardware-Level Threats appeared first on Penetration Testing Tools.
Google has released an emergency update for Chrome to address a critical vulnerability, CVE-2025-9478, in the ANGLE graphics library. The flaw, a use-after-free error discovered on August 11 by the Google Big Sleep team,...
The post CVE-2025-9478: Google Chrome Patches Critical Use-After-Free Vulnerability appeared first on Penetration Testing Tools.
ESET specialists have reported the first documented case of ransomware in which artificial intelligence plays a central role. The newly discovered strain, named PromptLock, is written in Go and leverages OpenAI’s local gpt-oss:20b model...
The post PromptLock: The AI-Powered Ransomware That Writes Its Own Code appeared first on Penetration Testing Tools.
