A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...
The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.
MathWorks, the developer of the widely used software MATLAB and SIMULINK, has disclosed a major ransomware attack that has impacted thousands of its users. The incident occurred in the spring of 2025, but its...
The post Ransomware Attack on MathWorks Exposes Data of Over 10,000 Users appeared first on Penetration Testing Tools.
Drift has disclosed details of a security incident involving its Salesforce integration. Between August 8 and August 18, 2025, an unknown actor exploited OAuth credentials to extract data from customer Salesforce instances. According to...
The post Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens appeared first on Penetration Testing Tools.
In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...
The post ShadowCaptcha: A New Malware Campaign Uses Fake CAPTCHAs to Steal Data appeared first on Penetration Testing Tools.
Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...
The post ZipLine: New Campaign Triggers Victims to Call Hackers appeared first on Penetration Testing Tools.
A cyberattack against the Israeli “kosher internet” provider Internet Rimon, which serves religious and ultra-Orthodox communities, disrupted its services on the evening of August 23. The Iranian group Promised Revenge has claimed responsibility. The...
The post Cyberattack on Israeli “Kosher Internet” Provider Disrupts Service appeared first on Penetration Testing Tools.
Nevada’s network of state institutions was left paralyzed following an incident that occurred in the early hours of August 24. As a result of the attack, the state’s IT infrastructure ceased functioning, forcing most...
The post Cyberattack Paralyzes Nevada, Forcing Government Offices to Close appeared first on Penetration Testing Tools.
Researchers have unveiled ONEFLIP, a groundbreaking attack technique that introduces a novel method of covertly modifying neural networks, marking a major advance in hardware-level threats against AI. Unlike traditional backdoors that rely on tampering...
The post ONEFLIP: A Single Bit Can Hijack an AI, Redefining Hardware-Level Threats appeared first on Penetration Testing Tools.
Google has released an emergency update for Chrome to address a critical vulnerability, CVE-2025-9478, in the ANGLE graphics library. The flaw, a use-after-free error discovered on August 11 by the Google Big Sleep team,...
The post CVE-2025-9478: Google Chrome Patches Critical Use-After-Free Vulnerability appeared first on Penetration Testing Tools.
ESET specialists have reported the first documented case of ransomware in which artificial intelligence plays a central role. The newly discovered strain, named PromptLock, is written in Go and leverages OpenAI’s local gpt-oss:20b model...
The post PromptLock: The AI-Powered Ransomware That Writes Its Own Code appeared first on Penetration Testing Tools.
The fast-glob library—used in thousands of public Node.js projects and in more than thirty systems of the U.S. Department of Defense—has turned out to be the work of a single developer. Online profiles indicate...
The post The Single Point of Failure: A Russian Developer Maintains a Core Node.js Library appeared first on Penetration Testing Tools.
Openness has long been the defining distinction between Android and the iPhone, yet in recent years Google has steadily shifted the balance toward security. Now the company is preparing its most radical step yet...
The post Beyond Google Play: The End of Anonymous Sideloading Is Coming to Android appeared first on Penetration Testing Tools.
On August 24, 2025, the world marked the 30th anniversary of Windows 95—Microsoft’s first truly mass-market 32-bit consumer operating system, a release that profoundly reshaped personal computing. In an era of limited home internet,...
The post The Operating System That Changed Everything: Windows 95 Turns 30 appeared first on Penetration Testing Tools.
The creator of the spyware TheTruthSpy—the Vietnamese company 1Byte Software, led by Vanh (Vardi) Tiu—has once again found itself at the center of a major scandal. Independent security researcher Swarang Veid has uncovered a...
The post Spyware Exposed: A Critical Unpatched Flaw in TheTruthSpy Puts Thousands at Risk appeared first on Penetration Testing Tools.
The Auchan retail chain has fallen victim to a cyber incident targeting its customer loyalty program. This time, attackers gained access to the personal data of clients registered in the Waaoh loyalty scheme. Information...
The post Auchan Suffers Another Data Breach, Exposing Customer Loyalty Data appeared first on Penetration Testing Tools.
GreyNoise has observed a sharp and highly atypical surge in reconnaissance activity targeting Microsoft Remote Desktop Web Access and the RDP Web Client: 1,971 unique IP addresses were active simultaneously, whereas the company typically...
The post GreyNoise Detects Massive Surge in RDP Web Access Probing: Prelude to Password Attacks? appeared first on Penetration Testing Tools.
A new study by specialists at The Trail of Bits has revealed a previously unknown vulnerability in the Google Gemini ecosystem and its associated services, enabling the covert exfiltration of user data through images...
The post Invisible Prompts: A New Attack Uses Malicious Images to Hijack Gemini AI appeared first on Penetration Testing Tools.
Microsoft has issued a warning over the growing surge of large-scale ClickFix phishing attacks and has recommended that system administrators restrict the use of command-line tools and disable the Run dialog in Windows. This...
The post Microsoft Warns: ClickFix Phishing Attacks Are Bypassing EDR appeared first on Penetration Testing Tools.
An attack on Google Classroom has escalated into one of the largest phishing campaigns in recent months. According to Check Point, between August 6 and 12, attackers launched five coordinated waves of distribution, sending...
The post Beyond the Classroom: Phishing Campaign Exploits Google for Global Attack appeared first on Penetration Testing Tools.
CloudSEK researchers have uncovered a new attack vector, dubbed ClickFix, which exploits invisible prompt injection and the prompt overdose technique to compromise automated AI summarization systems. The essence of the method lies in concealing...
The post Ransomware in Your Summary? New Attack Weaponizes AI Assistants appeared first on Penetration Testing Tools.
