Aggregator
全同态密码守护AI时代的个人数据隐私
Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits
Apple has significantly expanded its bug bounty program dedicated to strengthening the security of the iOS ecosystem. At
The post Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits appeared first on Penetration Testing Tools.
ClayRat Spyware Campaign Targets Android Users via Fake Apps and Aggressive Self-Propagation
The ClayRat espionage campaign is evolving rapidly and increasingly targeting Android users. According to Zimperium, the malware is
The post ClayRat Spyware Campaign Targets Android Users via Fake Apps and Aggressive Self-Propagation appeared first on Penetration Testing Tools.
Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks
Attackers have begun abusing the DFIR tool Velociraptor to stage ransomware deployments of LockBit and Babuk. Cisco Talos
The post Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks appeared first on Penetration Testing Tools.
中国联通现已开启eSIM预约功能 预约后可以通过线上或下线渠道开通eSIM
Storm-2657 Hackers Steal University Salaries by Hijacking Workday HR Accounts
According to a new report from Microsoft Threat Intelligence, the financially motivated group Storm-2657 is conducting large-scale attacks
The post Storm-2657 Hackers Steal University Salaries by Hijacking Workday HR Accounts appeared first on Penetration Testing Tools.
ASCII Smuggling Attack Bypasses Filters, Forcing Gemini to Obey Invisible Commands from Calendar Invites
Researchers at FireTail have discovered the resurrection of an old-class flaw — ASCII Smuggling — now resurfacing in
The post ASCII Smuggling Attack Bypasses Filters, Forcing Gemini to Obey Invisible Commands from Calendar Invites appeared first on Penetration Testing Tools.
Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files
Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files.
The post Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files appeared first on Penetration Testing Tools.
GitHub Copilot Zero-Click CamoLeak Exposed: CVE-2025-59145 (CVSS 9.6) Allowed Silent Data Theft from Private Repos
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed
The post GitHub Copilot Zero-Click CamoLeak Exposed: CVE-2025-59145 (CVSS 9.6) Allowed Silent Data Theft from Private Repos appeared first on Penetration Testing Tools.
火狐浏览器将为用户推出Firefox VPN用来保护真实IP地址和流量 避免被追踪
Critical Redis Lua Flaw (CVE-2025-49844) Rated CVSS 10.0 Allows Remote Code Execution
Wiz researchers have recently disclosed a critical vulnerability in Redis affecting version 8.2.1 and earlier releases. Tracked as
The post Critical Redis Lua Flaw (CVE-2025-49844) Rated CVSS 10.0 Allows Remote Code Execution appeared first on Penetration Testing Tools.
RondoDox Botnet Firing ‘Exploit Shotgun’: Targets 56 Vulnerabilities Across 30+ Router and IoT Vendors
Researchers have identified a large-scale wave of attacks orchestrated by the RondoDox botnet, which employs the so-called “exploit
The post RondoDox Botnet Firing ‘Exploit Shotgun’: Targets 56 Vulnerabilities Across 30+ Router and IoT Vendors appeared first on Penetration Testing Tools.
Hacktivist Group TwoNet Exposed: Fabricated Water Utility Attack After Breaching OT Honeypot with Default Credentials
Forescout specialists recorded a targeted intrusion in September against a honeypot simulating the control system of a water-treatment
The post Hacktivist Group TwoNet Exposed: Fabricated Water Utility Attack After Breaching OT Honeypot with Default Credentials appeared first on Penetration Testing Tools.
OpenSSH ProxyCommand Flaw CVE-2025-61984 Bypasses Filters, Allowing RCE via Crafted Usernames
A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by
The post OpenSSH ProxyCommand Flaw CVE-2025-61984 Bypasses Filters, Allowing RCE via Crafted Usernames appeared first on Penetration Testing Tools.
Windows 10 End-of-Life is October 14: Microsoft Pushes Windows 11 Upgrade or Paid ESU
On October 14, 2025, official support for Windows 10—the operating system released by Microsoft in 2015—will come to
The post Windows 10 End-of-Life is October 14: Microsoft Pushes Windows 11 Upgrade or Paid ESU appeared first on Penetration Testing Tools.