Aggregator
Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits
A new entrant from the United Arab Emirates has shaken up the tightly controlled vulnerability market. Advanced Security Solutions, launched in August, has announced its willingness to pay up to $20 million for smartphone...
The post Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits appeared first on Penetration Testing Tools.
Microsoft Restricts China’s Access to Vulnerability Data After Suspected Leaks
Microsoft has restricted Chinese companies’ access to early notifications about vulnerabilities in its products. The decision follows an internal investigation into potential leaks from the Microsoft Active Protections Program (MAPP), a system designed to...
Alarming Report: The Simple Attack That’s Breaching Half of Corporate Networks
Amid the escalating wave of cyberthreats—particularly from advanced threat groups—one of the most dangerous yet persistently underestimated attack vectors remains almost unchanged: the compromise of user accounts through password guessing. According to the newly...
CVE-2025-9380 | FNKvision Y215 CCTV Camera 10.194.120.40 Firmware /etc/passwd hard-coded credentials
From Nuggets to Breaches: A Hacker Exposes Critical Flaws in McDonald’s Systems
The story of an enthusiast hacker breaching McDonald’s digital infrastructure in pursuit of free chicken nuggets has spiraled into a sweeping security investigation, exposing dozens of critical vulnerabilities within the corporation’s systems. On August...
Total Takeover: The Attack That Seizes Your Active Directory With Default Settings
Researchers at Resecurity have drawn attention to an exceptionally dangerous attack that enables adversaries to seize full control over an organization’s Active Directory domain infrastructure—all while exploiting default Windows configurations. The technique combines MITM6,...
Malicious Go Module Targets Solana Devs, Leaking Data to a “U.S.-Based” Server
Researchers have uncovered a new politically tinged campaign targeting the Solana blockchain ecosystem and, apparently, developers of cryptocurrency projects in Russia. Specialists at Safety, a company focused on securing software supply chains, identified a...
New Russian Rule Requires All Smartphones and Tablets to Come With the MAX Instant Messenger Preinstalled From September 1
Danger: “Verified” Chrome VPN Extension Exposed as Screen-Capturing Spyware
The popular Chrome extension FreeVPN.One, installed by more than 100,000 users and marked with a verification check, has been exposed as spyware. Researchers from Koi Security discovered that it secretly captures screenshots of user...
AI Bots Are Now Flooding the Web, Straining Servers and Skewing Analytics
In its latest Fastly Threat Insights report, researchers analyzed more than 6.5 trillion monthly web requests to uncover emerging patterns in AI bot traffic. This rapidly expanding segment of automated systems is already exerting...
The Dark Side of Automation: How a Website Builder Became a Phishing Machine
The website automation platform Lovable has found itself at the center of widespread abuse. Researchers from Proofpoint have documented a sharp increase in cases where its features, originally intended for legitimate web projects, were...
QuirkyLoader: The New A-List Malware Loader Hiding in Plain Sight
IBM X-Force specialists have reported the emergence of a new loader, QuirkyLoader, which since late 2024 has been employed to distribute a wide array of well-known malware families, including Agent Tesla, AsyncRAT, FormBook, MassLogger,...