Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files.
The post Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files appeared first on Penetration Testing Tools.
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed
The post GitHub Copilot Zero-Click CamoLeak Exposed: CVE-2025-59145 (CVSS 9.6) Allowed Silent Data Theft from Private Repos appeared first on Penetration Testing Tools.
Wiz researchers have recently disclosed a critical vulnerability in Redis affecting version 8.2.1 and earlier releases. Tracked as
The post Critical Redis Lua Flaw (CVE-2025-49844) Rated CVSS 10.0 Allows Remote Code Execution appeared first on Penetration Testing Tools.
Researchers have identified a large-scale wave of attacks orchestrated by the RondoDox botnet, which employs the so-called “exploit
The post RondoDox Botnet Firing ‘Exploit Shotgun’: Targets 56 Vulnerabilities Across 30+ Router and IoT Vendors appeared first on Penetration Testing Tools.
Forescout specialists recorded a targeted intrusion in September against a honeypot simulating the control system of a water-treatment
The post Hacktivist Group TwoNet Exposed: Fabricated Water Utility Attack After Breaching OT Honeypot with Default Credentials appeared first on Penetration Testing Tools.
A new vulnerability has been discovered in OpenSSH — CVE-2025-61984 — which permits remote code execution (RCE) by
The post OpenSSH ProxyCommand Flaw CVE-2025-61984 Bypasses Filters, Allowing RCE via Crafted Usernames appeared first on Penetration Testing Tools.
On October 14, 2025, official support for Windows 10—the operating system released by Microsoft in 2015—will come to
The post Windows 10 End-of-Life is October 14: Microsoft Pushes Windows 11 Upgrade or Paid ESU appeared first on Penetration Testing Tools.
msLDAPDump LDAP enumeration tool implemented in Python3 msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the
The post msLDAPDump: LDAP enumeration tool appeared first on Penetration Testing Tools.
ReconAIzer ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters
The post ReconAIzer: leverages OpenAI to help bug bounty hunters optimize their recon process appeared first on Penetration Testing Tools.
A new wave of phishing attacks has laid bare just how sophisticated social-engineering techniques have become. Researchers have
The post New Cache Smuggling Phishing Attack Delivers Malware via Browser Cache appeared first on Penetration Testing Tools.
The Microsoft Teams messenger, widely used for corporate communication, has increasingly become a convenient arena for cyberattacks. According
The post Microsoft Teams: New Report Exposes How APTs and Ransomware Groups Weaponize Collaboration Features to Breach Enterprises appeared first on Penetration Testing Tools.
In August 2025, researchers from Huntress observed a cyberattack involving the abuse of the legitimate server-monitoring tool Nezha,
The post China-Linked Hackers Weaponize Nezha Monitoring Tool and Log Poisoning to Deploy Gh0st RAT on 100+ Systems appeared first on Penetration Testing Tools.
The popular design tool Figma has faced a potential security threat due to a vulnerability in the Model
The post High-Severity Figma MCP Flaw CVE-2025-53967 Allows Remote Command Injection via Fallback Mechanism appeared first on Penetration Testing Tools.
The ClamAV 1.5.0 antivirus engine has been released, introducing one of the most significant updates in recent years
The post ClamAV 1.5.0 Released: Major Update Adds FIPS Mode Support and Switches Cache Hashing to SHA-256 appeared first on Penetration Testing Tools.
A critical vulnerability has been discovered in the popular WordPress theme Service Finder, allowing attackers to gain unauthorized
The post Critical WordPress Flaw CVE-2025-5947 (CVSS 9.8) Under Active Exploitation for Admin Takeover appeared first on Penetration Testing Tools.
Nearly a year after the incident, a Florida-based medical company has disclosed the full scale of a major
The post Medical Data Breach: Florida Firm Discloses Patient Info Stolen in Nov 2024 Attack — Nearly a Year Later appeared first on Penetration Testing Tools.
According to a LayerX report, thousands of corporate users are inputting personal and payment data into ChatGPT prompts—often
The post Shadow AI Leakage: Study Finds 77% of Employees Paste Sensitive Data into ChatGPT from Unsecured Accounts appeared first on Penetration Testing Tools.
Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities
The post Crassus: Windows privilege escalation discovery tool appeared first on Penetration Testing Tools.
Jaguar Land Rover has announced the gradual resumption of operations at its factories following a massive cyberattack that
The post Jaguar Land Rover Resumes Production After Cyberattack, Launches Supplier Bailout with UK Government-Backed Loan appeared first on Penetration Testing Tools.
The threat actor known as BatShadow, linked to Vietnam, has launched a new malicious campaign targeting job seekers
The post BatShadow APT Launches Vampire Bot Campaign, Targeting Job Seekers with Malicious Samsung Lures appeared first on Penetration Testing Tools.
