Penetration Testing Tools - Metepreter.org

A new threat has emerged in the realm of AI-assisted programming, known as “slopsquatting.” This attack has become particularly dangerous amid the surging popularity of AI coding assistants like Claude Code CLI, OpenAI Codex...

The post AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise appeared first on Penetration Testing Tools.

The development team behind the Shellter tool—a utility designed to evade antivirus and EDR detection—has confirmed that their product has fallen into the hands of malicious actors. At the same time, they have accused...

The post Shellter Tool Abused by Hackers: Developers Slam Elastic for “Negligent” Disclosure appeared first on Penetration Testing Tools.

Hackers have stolen nearly $140 million from six Brazilian banks by exploiting the credentials of an employee at C&M, a company responsible for maintaining financial connectivity between commercial banks and the Central Bank of...

The post Brazil Bank Heist: Insider Bribery Leads to $140M Theft from 6 Banks Via C&M Fintech Firm appeared first on Penetration Testing Tools.

Cybersecurity experts at Arctic Wolf have identified a fresh wave of attacks employing SEO poisoning techniques, aimed at distributing a well-known malware loader called Oyster—also referred to as Broomstick or CleanUpLoader. Threat actors are...

The post SEO Poisoning Campaign Targets IT Pros: Fake PuTTY & WinSCP Sites Deliver “Oyster” Backdoor appeared first on Penetration Testing Tools.

Security researchers have unveiled functional exploits targeting a critical vulnerability in Citrix NetScaler ADC and Gateway devices. Designated CVE-2025-5777, the flaw has been informally dubbed CitrixBleed2 — a pointed reference to the similarly severe...

The post Urgent Citrix Bleed 2 (CVE-2025-5777, CVSS 9.3) Actively Exploited: MFA Bypass & Session Hijacking Threaten Enterprises appeared first on Penetration Testing Tools.

Alexander Mogh, a security researcher at ERNW, has uncovered a critical vulnerability in the boot mechanisms of modern Linux distributions, including Ubuntu 25.04 and Fedora 42. Despite full disk encryption, Secure Boot, and password-protected...

The post Linux Boot Flaw (CVE-2016-4484): Secure Boot & Disk Encryption Bypassed, Persistent Malware Possible appeared first on Penetration Testing Tools.

Whether you’re a developer, security engineer, or just a curious person, Cloud Snitch is guaranteed to teach you something and take your relationship with your cloud to the next level. Cloud Snitch provides a...

The post Cloud Snitch: New Open-Source Tool Reveals Hidden Activity & Bolsters Least Privilege in Your AWS Accounts appeared first on Penetration Testing Tools.

Since July 2024, Russia has been the target of a large-scale, highly targeted cyber campaign employing a previously unknown espionage tool named Batavia. According to Kaspersky Lab, the attacks have been directed at industrial...

The post Batavia Spyware Unmasked: Covert Campaign Hits Russian Industrial & Scientific Orgs via Phishing Emails appeared first on Penetration Testing Tools.

The emergence of a new tool known as RingReaper has sparked concern among cybersecurity experts and penetration testing teams alike. This program leverages a legitimate yet highly potent Linux kernel feature called io_uring to...

The post RingReaper: New Linux Tool Leverages io_uring Kernel Feature to Bypass EDR & Stealthily Control Systems appeared first on Penetration Testing Tools.

Since 2023, the RedDrip Team has been meticulously monitoring the activities of one of the most elusive cyber espionage groups. This threat actor, armed with an unknown Exchange exploitation chain, distinguishes itself through substantial...

The post NightEagle APT Unleashed: Zero-Day Exchange Exploit Targets China’s Strategic Industries with Fileless Malware appeared first on Penetration Testing Tools.

A hacker group with affiliations beyond Pakistan has once again drawn attention following its attacks on Indian government entities. According to researchers at Recorded Future, the activity is attributed to the cyber threat group...

The post Pakistan-Aligned APT36 Unleashes DRAT V2: New Delphi RAT Targets Indian Government appeared first on Penetration Testing Tools.

Security researchers have uncovered critical vulnerabilities in SMBClient for macOS that affect both user space and the operating system kernel. These flaws potentially allow for remote execution of arbitrary code and the termination of...

The post Critical macOS SMBClient Flaws Allow Remote Code Execution & Kernel Crashes appeared first on Penetration Testing Tools.

In recent months, cybersecurity experts have observed a dramatic surge in the malicious exploitation of domains within the .es top-level domain (TLD). Over the past six months alone, the number of such incidents has...

The post Spain’s .es Domain Surges 19x in Cybercrime Use: Now Third Most Popular for Phishing & RATs appeared first on Penetration Testing Tools.

Experts at Wiz have identified a new wave of attacks targeting TeamCity servers—a widely used platform for orchestrating CI/CD workflows. Threat actors exploited a misconfigured Java Debug Wire Protocol (JDWP) interface, enabling remote command...

The post Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours appeared first on Penetration Testing Tools.

Nimhawk is an advanced command and control (C2) framework that builds upon the exceptional foundation laid by Cas van Cooten (@chvancooten) with his NimPlant project. Cas’s innovative work in developing a lightweight implant written in Nim has been...

The post Nimhawk: Advanced Nim-Based C2 Framework Revolutionizes Red Team Operations appeared first on Penetration Testing Tools.

A newly emerged botnet known as hpingbot, identified by the NSFOCUS Fuying Lab‘s global threat monitoring system, has rapidly become one of the most prominent cyber threats since its appearance in early June 2025....

The post Hpingbot Unleashed: New Go-Based Botnet Leverages Pastebin & Hping3 for Stealthy Attacks appeared first on Penetration Testing Tools.

A pivotal moment has arrived in the operating system market. For the first time, the latest version of Windows has surpassed its predecessor in user share—a milestone that signals a broader shift across the...

The post Windows 11 Finally Overtakes Windows 10 in User Share as EOL Deadline Looms appeared first on Penetration Testing Tools.

Another relic of the past is being permanently retired from the legendary operating system. Microsoft has initiated the process of removing PowerShell 2.0—a long-obsolete version of the command-line tool—from Windows 11. This iteration first...

The post Microsoft is Finally Removing PowerShell 2.0 from Windows 11: Boosting Security, Retiring Legacy Tool appeared first on Penetration Testing Tools.

Exercise caution if you’re planning to play Call of Duty: WWII via Game Pass on PC. Users have begun reporting a critical vulnerability that allows hackers to remotely execute commands on another player’s computer....

The post Call of Duty: WWII Game Pass PC Hit by Critical RCE Exploit, Players Warned to Stay Away appeared first on Penetration Testing Tools.

As a result of a data breach caused by TalentHook, tens of millions of job seekers’ resumes were left openly accessible online. The incident was first reported by the Cybernews team, which discovered a...

The post TalentHook Data Breach Exposes 26 Million Job Seekers’ Resumes Via Misconfigured Azure Cloud appeared first on Penetration Testing Tools.