Aggregator
China-Linked Hackers Weaponize Nezha Monitoring Tool and Log Poisoning to Deploy Gh0st RAT on 100+ Systems
In August 2025, researchers from Huntress observed a cyberattack involving the abuse of the legitimate server-monitoring tool Nezha,
The post China-Linked Hackers Weaponize Nezha Monitoring Tool and Log Poisoning to Deploy Gh0st RAT on 100+ Systems appeared first on Penetration Testing Tools.
High-Severity Figma MCP Flaw CVE-2025-53967 Allows Remote Command Injection via Fallback Mechanism
The popular design tool Figma has faced a potential security threat due to a vulnerability in the Model
The post High-Severity Figma MCP Flaw CVE-2025-53967 Allows Remote Command Injection via Fallback Mechanism appeared first on Penetration Testing Tools.
ClamAV 1.5.0 Released: Major Update Adds FIPS Mode Support and Switches Cache Hashing to SHA-256
The ClamAV 1.5.0 antivirus engine has been released, introducing one of the most significant updates in recent years
The post ClamAV 1.5.0 Released: Major Update Adds FIPS Mode Support and Switches Cache Hashing to SHA-256 appeared first on Penetration Testing Tools.
Critical WordPress Flaw CVE-2025-5947 (CVSS 9.8) Under Active Exploitation for Admin Takeover
A critical vulnerability has been discovered in the popular WordPress theme Service Finder, allowing attackers to gain unauthorized
The post Critical WordPress Flaw CVE-2025-5947 (CVSS 9.8) Under Active Exploitation for Admin Takeover appeared first on Penetration Testing Tools.
7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code. Identified as CVE-2025-11001 and CVE-2025-11002, the flaws affect all versions of the software prior to the latest release and require immediate patching. Flaw in Symbolic Link Processing The core of both vulnerabilities lies […]
The post 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.
Figure 03: человекоподобный робот, который уже готов заменить человека
JVN: Draytek製Vigorルーターにおける初期化されていないリソース使用の脆弱性
Pentera Acquires DevOcean to Streamline Vulnerability Fixes
Pentera has acquired DevOcean to close a major operational gap in threat resolution. With AI-based prioritization and remediation orchestration across over 100 tools, Pentera is building a unified platform to address both attack simulation and fix deployment.
Breach Roundup: Insurers Spend Big on Cybersecurity
This week, insurer cybersecurity spending, a Renault breach, a WhatsApp malware campaign in Brazil. Germany skeptical of Chat Control. Two UK teens arrested for ransomware attack. Qilin claimed the attack on Japan's Asahi. Hackers weaponized Nezha. An Invoice data breach exposed personal records.
Australia Levies First-Ever Privacy Act Fine in Lab Breach
An Australian court has fined a medical lab $5.8 million for cybersecurity failures leading up to - and following - a 2022 cyberattack that affected 223,000 patients. The penalty marked the first time Australia has levied a civil monetary fine for violations of its Privacy Act of 1988.
Pentera Acquires DevOcean to Streamline Vulnerability Fixes
Pentera has acquired DevOcean to close a major operational gap in threat resolution. With AI-based prioritization and remediation orchestration across over 100 tools, Pentera is building a unified platform to address both attack simulation and fix deployment.
GitHub Copilot Chat Flaw Let Private Code Leak Via Images
A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding hidden prompts that hijacked the artificial intelligence assistant's responses. The exploit also used the code hosting platform's image proxy to leak the stolen data.