Adobe has issued an out-of-band security update for its Adobe Experience Manager (AEM) Forms platform on Java EE, following the public disclosure of an exploit chain that enables unauthenticated remote code execution on vulnerable...
The post Urgent Patch: Critical Flaws in Adobe Experience Manager Allow Remote Takeover appeared first on Penetration Testing Tools.
ProtectMyTooling A script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, and generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark...
The post ProtectMyTooling: Multi-Packer wrapper letting us daisy-chain various packers, obfuscators appeared first on Penetration Testing Tools.
jscythe jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any...
The post jscythe: execute arbitrary javascript code appeared first on Penetration Testing Tools.
As the Pentagon grapples with the consequences of funding shortfalls and high turnover in the field of cybersecurity, Donald Trump’s inner circle is floating a bold proposal: the creation of a new combat branch—Cyber...
The post Trump’s Allies Propose New “Cyber Force” Military Branch to Combat Digital Threats appeared first on Penetration Testing Tools.
A recent automated study conducted by ETHIACK has revealed that modern web application security mechanisms—including widely adopted Web Application Firewalls (WAFs)—are vulnerable to a novel class of attacks that combine JavaScript injection with HTTP...
The post The WAF Deception: 70% of Firewalls Bypassed by HTTP Parameter Pollution and JS Injection appeared first on Penetration Testing Tools.
Amid the rapid proliferation of cryptocurrency ATMs across the United States, the Department of the Treasury has issued a warning about the growing risk of their exploitation for illicit purposes. In a recently published...
The post The Dark Side of Crypto ATMs: Treasury Warns of Rising Fraud and Scams as Losses Near $250M appeared first on Penetration Testing Tools.
Generative AI models are rapidly evolving into fully-fledged instruments within the arsenals of cyber adversaries. This trend is underscored in CrowdStrike’s 2025 annual report, which highlights a sharp increase in the use of artificial...
The post The AI Cyberwar Is Here: CrowdStrike Report Exposes How Attackers Use AI to Automate Vishing, Phishing, & Espionage appeared first on Penetration Testing Tools.
A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...
The post The ToolShell Threat Escalates: New 4L4MD4R Ransomware Joins China-Linked APTs in SharePoint Attacks appeared first on Penetration Testing Tools.
At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered...
The post Volt Boot Attack: New Physical Exploit Bypasses Cold Boot Defenses to Steal Secrets from On-Chip SRAM appeared first on Penetration Testing Tools.
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States. The...
The post Chanel Client Data Breached in Widespread ShinyHunters Campaign Targeting Salesforce appeared first on Penetration Testing Tools.
pamspy — Credentials Dumper for Linux pamspy leverages eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside the PAM (Pluggable Authentication Modules) library, used by many...
The post pamspy: Credentials Dumper for Linux using eBPF appeared first on Penetration Testing Tools.
evilgophish Combination of evilginx2 and GoPhish. Why? As a penetration tester or red teamer, you may have heard of evilginx2 as a proxy man-in-the-middle framework capable of bypassing two-factor/multi-factor authentication. This is enticing to us, to say the...
The post evilgophish: Combination of evilginx2 and GoPhish appeared first on Penetration Testing Tools.
Critical vulnerabilities discovered in the NVIDIA Triton Inference Server platform pose a significant threat to the security of AI infrastructure across both Windows and Linux environments. This concerns an open-source solution designed for large-scale...
The post Triple Threat in Triton: Critical Flaws Expose AI Servers to Full Takeover appeared first on Penetration Testing Tools.
Proton, a company renowned for its commitment to privacy and security, made an unfortunate misstep in its latest offering—Proton Authenticator, a two-factor authentication app. In the iOS version, users’ TOTP secrets—used to generate one-time...
The post TOTP in the Clear: Proton Authenticator’s Privacy Misstep on iOS appeared first on Penetration Testing Tools.
Apple is developing its own AI engine for answering questions—akin to ChatGPT—according to a report by Bloomberg. The initiative is being led by a newly formed internal team known as Answers, Knowledge, and Information...
The post Apple Forms New “Answers” Team to Build a ChatGPT Rival, Reshaping AI Search appeared first on Penetration Testing Tools.
A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...
The post Critical Squid Flaw Allows Remote Code Execution & Data Leakage appeared first on Penetration Testing Tools.
In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...
The post Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets appeared first on Penetration Testing Tools.
A new large-scale threat has emerged on the Android horizon, dubbed PlayPraetor—a sophisticated piece of malware capable of seizing full control over compromised devices. To date, over 11,000 devices have fallen under its sway,...
The post PlayPraetor: New Android RAT Infects 11,000+ Devices with Real-Time On-Device Fraud appeared first on Penetration Testing Tools.
The government of Luxembourg has launched an official investigation into an unprecedented disruption of the national telecommunications system that occurred on July 23. The cause of the outage, which left 4G and 5G mobile...
The post Luxembourg Hit by “Sophisticated” Cyberattack: Huawei Equipment Targeted, Mobile Networks Down for Hours appeared first on Penetration Testing Tools.
Experts at Palo Alto Networks’ Unit 42 have uncovered a new cyber-espionage campaign targeting the telecommunications sector in Southeast Asia. At the heart of these operations lies a threat actor identified as CL-STA-0969, closely...
The post The Telecom Threat: Liminal Panda’s Covert Campaign Targets Southeast Asian Critical Infrastructure appeared first on Penetration Testing Tools.
