According to a report by Microsoft Threat Intelligence, the group Storm-0501 has shifted its focus from traditional on-premises ransomware campaigns to tactics centered on cloud services. Whereas in the past attackers deployed encryptors onto...
The post How Storm-0501 is Pivoting to Cloud-Native Attacks appeared first on Penetration Testing Tools.
The U.S. National Security Agency, the U.K.’s National Cyber Security Centre, and partners from more than ten countries have attributed the global Salt Typhoon operations to three Chinese technology companies. Now, the FBI and...
The post NSA, CISA, & Partners Expose Chinese APT Groups appeared first on Penetration Testing Tools.
Octosuite Octosuite is an open-source lightweight yet advanced osint framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the gathered intelligence in a...
The post Octosuite: Advanced Github OSINT Framework appeared first on Penetration Testing Tools.
NetScaler has issued an urgent advisory warning administrators of three newly discovered vulnerabilities in NetScaler ADC and NetScaler Gateway—one of which is already being actively exploited. Updates are now available, and the vendor strongly...
The post CVE-2025-7775: NetScaler Zero-Day Is Under Active Attack appeared first on Penetration Testing Tools.
A newly discovered critical vulnerability in Docker Desktop has placed Windows users at significant risk. Tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, the flaw enables attackers to bypass...
The post Critical Docker Desktop Flaw Allows Attackers to Escape Containers and Hijack the Host appeared first on Penetration Testing Tools.
MathWorks, the developer of the widely used software MATLAB and SIMULINK, has disclosed a major ransomware attack that has impacted thousands of its users. The incident occurred in the spring of 2025, but its...
The post Ransomware Attack on MathWorks Exposes Data of Over 10,000 Users appeared first on Penetration Testing Tools.
Drift has disclosed details of a security incident involving its Salesforce integration. Between August 8 and August 18, 2025, an unknown actor exploited OAuth credentials to extract data from customer Salesforce instances. According to...
The post Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens appeared first on Penetration Testing Tools.
In August of this year, specialists from Israel’s National Digital Agency uncovered a large-scale campaign known as ShadowCaptcha, designed to compromise users through more than a hundred hacked WordPress websites. These sites had been...
The post ShadowCaptcha: A New Malware Campaign Uses Fake CAPTCHAs to Steal Data appeared first on Penetration Testing Tools.
Researchers at Check Point Research have uncovered a new targeted campaign, dubbed ZipLine, which leverages the malicious tool MixShell against industrial and high-tech companies. The hallmark of this operation lies in its unorthodox delivery...
The post ZipLine: New Campaign Triggers Victims to Call Hackers appeared first on Penetration Testing Tools.
A cyberattack against the Israeli “kosher internet” provider Internet Rimon, which serves religious and ultra-Orthodox communities, disrupted its services on the evening of August 23. The Iranian group Promised Revenge has claimed responsibility. The...
The post Cyberattack on Israeli “Kosher Internet” Provider Disrupts Service appeared first on Penetration Testing Tools.
Nevada’s network of state institutions was left paralyzed following an incident that occurred in the early hours of August 24. As a result of the attack, the state’s IT infrastructure ceased functioning, forcing most...
The post Cyberattack Paralyzes Nevada, Forcing Government Offices to Close appeared first on Penetration Testing Tools.
Researchers have unveiled ONEFLIP, a groundbreaking attack technique that introduces a novel method of covertly modifying neural networks, marking a major advance in hardware-level threats against AI. Unlike traditional backdoors that rely on tampering...
The post ONEFLIP: A Single Bit Can Hijack an AI, Redefining Hardware-Level Threats appeared first on Penetration Testing Tools.
Google has released an emergency update for Chrome to address a critical vulnerability, CVE-2025-9478, in the ANGLE graphics library. The flaw, a use-after-free error discovered on August 11 by the Google Big Sleep team,...
The post CVE-2025-9478: Google Chrome Patches Critical Use-After-Free Vulnerability appeared first on Penetration Testing Tools.
ESET specialists have reported the first documented case of ransomware in which artificial intelligence plays a central role. The newly discovered strain, named PromptLock, is written in Go and leverages OpenAI’s local gpt-oss:20b model...
The post PromptLock: The AI-Powered Ransomware That Writes Its Own Code appeared first on Penetration Testing Tools.
The fast-glob library—used in thousands of public Node.js projects and in more than thirty systems of the U.S. Department of Defense—has turned out to be the work of a single developer. Online profiles indicate...
The post The Single Point of Failure: A Russian Developer Maintains a Core Node.js Library appeared first on Penetration Testing Tools.
Openness has long been the defining distinction between Android and the iPhone, yet in recent years Google has steadily shifted the balance toward security. Now the company is preparing its most radical step yet...
The post Beyond Google Play: The End of Anonymous Sideloading Is Coming to Android appeared first on Penetration Testing Tools.
On August 24, 2025, the world marked the 30th anniversary of Windows 95—Microsoft’s first truly mass-market 32-bit consumer operating system, a release that profoundly reshaped personal computing. In an era of limited home internet,...
The post The Operating System That Changed Everything: Windows 95 Turns 30 appeared first on Penetration Testing Tools.
The creator of the spyware TheTruthSpy—the Vietnamese company 1Byte Software, led by Vanh (Vardi) Tiu—has once again found itself at the center of a major scandal. Independent security researcher Swarang Veid has uncovered a...
The post Spyware Exposed: A Critical Unpatched Flaw in TheTruthSpy Puts Thousands at Risk appeared first on Penetration Testing Tools.
The Auchan retail chain has fallen victim to a cyber incident targeting its customer loyalty program. This time, attackers gained access to the personal data of clients registered in the Waaoh loyalty scheme. Information...
The post Auchan Suffers Another Data Breach, Exposing Customer Loyalty Data appeared first on Penetration Testing Tools.
GreyNoise has observed a sharp and highly atypical surge in reconnaissance activity targeting Microsoft Remote Desktop Web Access and the RDP Web Client: 1,971 unique IP addresses were active simultaneously, whereas the company typically...
The post GreyNoise Detects Massive Surge in RDP Web Access Probing: Prelude to Password Attacks? appeared first on Penetration Testing Tools.
