Aggregator

Android has released its most extensive patch bundle of the year, outpacing the traditional “Patch Tuesday” cycle. In

The post Android Issues Its Largest Patch of the Year, Fixing 2 Zero-Day Flaws appeared first on Penetration Testing Tools.

Most people remain unaware that their Wi-Fi and Bluetooth devices have quietly become part of a vast, global

The post Your Wi-Fi and Bluetooth Devices Are a Global Tracking Network appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 141. This affects an unknown function of the component GMP. The manipulation results in memory corruption. This vulnerability was named CVE-2025-9179. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 141. This impacts an unknown function of the component GMP. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2025-9179. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Mozilla Firefox up to 141. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Canvas2D. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2025-9180. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in Mozilla Focus up to 141 on iOS. This impacts an unknown function of the component Header Handler. The manipulation of the argument Content-Disposition leads to cross site scripting. This vulnerability is documented as CVE-2025-55032. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Focus up to 141 on iOS. Affected is an unknown function of the component Javascript Link Handler. The manipulation results in clickjacking. This vulnerability is reported as CVE-2025-55033. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in Mozilla Firefox up to 141 on iOS and classified as critical. This vulnerability affects unknown code of the component Popup Blocker. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-55029. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 141 on iOS. Affected is an unknown function of the component JavaScript Alert Handler. This manipulation causes denial of service. This vulnerability is handled as CVE-2025-55028. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox and Focus up to 141 on iOS. Affected by this vulnerability is an unknown functionality. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-55031. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Mozilla Firefox up to 141 on iOS. This affects an unknown function of the component Header Handler. Executing manipulation of the argument Content-Disposition can lead to cross site scripting. This vulnerability is registered as CVE-2025-55030. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in ImageMagick up to 6.9.13-26/7.1.2-0. This vulnerability affects the function ReadOneMNGIMage of the file coders/png.c. This manipulation causes integer overflow. This vulnerability is tracked as CVE-2025-55154. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in ImageMagick up to 6.9.13-26/7.1.2-0. This issue affects some unknown processing. Such manipulation leads to reliance on undefined, unspecified, or implementation-defined behavior. This vulnerability is listed as CVE-2025-55160. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical was found in ImageMagick up to 7.1.2-0. Impacted is an unknown function. Performing manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2025-55005. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

Cybercriminals have discovered a method to bypass X’s restrictions on posting links by exploiting its built-in assistant, Grok.

The post The Grok Exploit: How Hackers Are Using AI to Bypass X’s Filters appeared first on Penetration Testing Tools.

In August 2025, specialists from Dream Threat Intelligence documented a large-scale phishing campaign attributed to actors linked to

The post Iran-Linked Cyber-Espionage Campaign Targets Diplomatic Organizations appeared first on Penetration Testing Tools.

On September 3, 2025, researcher Youfu Zhang reported to the Mozilla dev-security-policy mailing list that the certification authority

The post Cloudflare’s 1.1.1.1 DNS Service Was Targeted by a Rogue Certificate Authority appeared first on Penetration Testing Tools.

微软表示红海多条海底电缆被切断影响了Microsoft Azure的云服务，导致亚洲与欧洲之间的连接性下降。尽管微软已通过中东地区重新路由流量使服务恢复，但延迟可能增加。海底电缆修复复杂且耗时长。

A vulnerability, which was classified as critical, has been found in NS Download Shop 2.2.6 on Joomla. Affected by this issue is the function invoice.create. Such manipulation of the argument ID as part of Parameter leads to sql injection. This vulnerability is listed as CVE-2017-15965. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in Zh YandexMap 6.1.1.0 on Joomla. This affects an unknown part of the file index.php. Performing manipulation of the argument placemarklistid as part of Parameter results in sql injection. This vulnerability is cataloged as CVE-2017-15966. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.