Aggregator
CVE-2025-34076 | Microweber CMS up to 1.2.11 Backup Management API /api/BackupV2/upload src path traversal (EUVD-2025-19754)
CVE-2025-6765 | Intelbras InControl 2.21.60.9 HTTP PUT Request /v1/operador/ permission (EUVD-2025-19327)
A “15.8 Million” Account Leak? Hackers Claim New PayPal Data Dump, Company Denies Breach
On a well-known data leak forum, a post has surfaced advertising the sale of a database allegedly containing 15.8 million PayPal accounts, complete with email addresses and plaintext passwords. The seller claims the information...
The post A “15.8 Million” Account Leak? Hackers Claim New PayPal Data Dump, Company Denies Breach appeared first on Penetration Testing Tools.
UK Government Drops Demand for iCloud Backdoor
Washington and London have at last managed to reach an accord on an issue that threatened to escalate into a serious diplomatic and technological conflict. U.S. Director of National Intelligence Tulsi Gabbard announced that...
The post UK Government Drops Demand for iCloud Backdoor appeared first on Penetration Testing Tools.
XZ Utils Backdoor Incident Follow-Up: The Supply-Chain Threat That Continues to Lurk
A Single Prompt Is All It Takes: Lenovo Chatbot Vulnerability Exposes Customers and Staff
A serious incident was recently uncovered on Lenovo’s website involving its corporate chatbot, Lena, designed to assist customers. Cybernews researchers revealed that Lena was vulnerable to an XSS-based attack chain, enabling attackers—through nothing more...
The post A Single Prompt Is All It Takes: Lenovo Chatbot Vulnerability Exposes Customers and Staff appeared first on Penetration Testing Tools.
Why CISOs in business services must close the edge security gap
Cloud adoption is speeding ahead in the business services sector, but security for remote and edge environments is falling behind. At the same time, generative AI is moving into daily workflows faster than most IT teams are prepared for. Those are the key takeaways from a new Aryaka survey of more than 100 North American IT and infrastructure leaders in finance, legal, consulting, and HR services. The report found that most firms have embraced hybrid …
The post Why CISOs in business services must close the edge security gap appeared first on Help Net Security.
Inside Kimsuky’s GitHub-Powered Cyber-Espionage Campaign
At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated...
The post Inside Kimsuky’s GitHub-Powered Cyber-Espionage Campaign appeared first on Penetration Testing Tools.
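Zhipu Launches AutoGLM 2.0: The "Manus Moment" for Phone Agents?
A Conversation with the Head of Xiaomi AI Glasses: Inventory Sold Out in 20 Days, but the Product's "Long Run" Has Only Just Begun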
TikTok Shop Is Selling GPS Trackers and Audio Recorders for Stalking Partners
TikTok has found itself at the center of a new scandal following an investigation by 404 Media: through TikTok Shop, vast numbers of GPS trackers and covert audio devices are being sold, brazenly advertised...
The post TikTok Shop Is Selling GPS Trackers and Audio Recorders for Stalking Partners appeared first on Penetration Testing Tools.
“Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously
The HexStrike AI repository has released HexStrike AI MCP Agents v6.0—a powerful framework for automating penetration tests. The system integrates more than 150 security tools and 12 autonomous AI agents operating through the FastMCP...
The post “Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously appeared first on Penetration Testing Tools.
“A True Nightmare”: Leaked Archive Reveals a Highly Sophisticated Linux Rootkit
In the latest issue of the hacker magazine Phrack, a vast archive has been published detailing the operations of North Korean cybercriminal groups. The leak includes exploitation techniques, information on compromised systems, and a...
The post “A True Nightmare”: Leaked Archive Reveals a Highly Sophisticated Linux Rootkit appeared first on Penetration Testing Tools.
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
The Ultimate Betrayal: How Attackers Are Weaponizing Cisco’s Own Safe Links to Phish Users
Cybercriminals have discovered a way to weaponize Cisco’s own security mechanisms against its users. Researchers at Raven have documented a credential theft campaign in which attackers learned to exploit Cisco’s Safe Links technology—a tool...
The post The Ultimate Betrayal: How Attackers Are Weaponizing Cisco’s Own Safe Links to Phish Users appeared first on Penetration Testing Tools.
The Evolution of LLM Reasoning: Self-Reflection and Policy Optimization
Anna’s Archive: The Digital Library of Alexandria Is Burning Again, but This Time Online. Can Humanity's Heritage Be Saved?
iOS security features you should use to protect your privacy
iOS 18 comes with several privacy and security features that many iPhone users overlook. Knowing how to use them can help you protect your personal information and control which apps can access your data. USB Accessories Lock: iOS 18 allows you to control whether accessories can connect to your iPhone, iPad, or iPod touch while it’s locked. By default, this setting is off, which helps prevent unauthorized access to your device through USB or other …
The post iOS security features you should use to protect your privacy appeared first on Help Net Security.