Penetration Testing Tools - Metepreter.org

In April 2025, cybersecurity experts from Cisco Talos uncovered a new threat vector: cybercriminals exploiting public repositories on GitHub to host malicious payloads used in distributing the Amadey trojan. According to researchers, the creation...

The post GitHub Weaponized: Cisco Talos Uncovers Massive MaaS Operation Distributing Amadey, Loaders, and Infostealers appeared first on Penetration Testing Tools.

The cryptocurrency exchange BigONE has fallen victim to a cyberattack that resulted in the theft of digital assets valued at $27 million. The breach occurred during the night of July 16, when the platform’s...

The post BigONE Crypto Exchange Hacked for $27 Million: Funds Being Laundered, Users Reassured appeared first on Penetration Testing Tools.

Google has filed a lawsuit against the unidentified operators of the malicious botnet BadBox 2.0, accusing them of orchestrating a large-scale advertising fraud scheme that directly targeted the company’s own platforms. According to the...

The post Google Sues BadBox 2.0: Battling Multi-Million Dollar Ad Fraud Botnet on 10M+ Android Devices appeared first on Penetration Testing Tools.

Google continues to advance Gmail at a vigorous pace, introducing new features enhanced by artificial intelligence. These updates undoubtedly improve user convenience, yet they also force individuals to confront an increasingly difficult trade-off between...

The post Gmail’s New Shielded Email: Google Battles Spam and Boosts Privacy with Disposable Addresses appeared first on Penetration Testing Tools.

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken...

The post NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs appeared first on Penetration Testing Tools.

Intel has officially announced the discontinuation of Clear Linux—one of the most high-performing and innovative Linux distributions in recent years. This decision comes as part of the company’s broader cost-cutting initiative. Designed from the...

The post Intel Axes High-Performance Clear Linux: End of an Era for a Decade of Innovation appeared first on Penetration Testing Tools.

The Akira ransomware group has intensified its operations, adding data from 12 new companies to its dark web leak portal within just three days—from July 15 to 17, 2025. This surge in attacks targeted...

The post Akira Ransomware Unleashes Double Extortion Barrage on 12 Global Companies in 72 Hours appeared first on Penetration Testing Tools.

Researchers at VulnCheck have uncovered a new malicious campaign exploiting the CVE-2021-41773 vulnerability in Apache HTTP Server version 2.4.49. This flaw enables remote code execution by bypassing path traversal protections, allowing attackers to access...

The post New Linuxsys Cryptominer Campaign Exploits Apache HTTP Server & Other Critical Flaws appeared first on Penetration Testing Tools.

Cisco has issued an updated advisory regarding a critical vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. This flaw enables remote attackers to execute arbitrary code on the...

The post Critical Cisco ISE RCE (CVSS 10.0) Follows Active FortiWeb Exploits appeared first on Penetration Testing Tools.

SubHunterX is a powerful bug bounty automation framework designed to silently map attack surfaces and uncover critical vulnerabilities. By combining military-grade reconnaissance techniques with intelligent automation, SubHunterX gives security professionals the edge in identifying...

The post SubHunterX: The Automation Framework for Ultimate Bug Bounty Hunting appeared first on Penetration Testing Tools.

A newly discovered version of the SquidLoader malware has surfaced during a targeted attack on institutions in Hong Kong, sparking significant concern within the financial sector. Of particular alarm is its near-complete evasion of...

The post New SquidLoader Variant Unleashed: Stealthy Malware Hits Hong Kong Financial Sector Undetected appeared first on Penetration Testing Tools.

Microsoft has begun rolling out an update to the Copilot app for Windows, significantly enhancing its artificial intelligence capabilities through the introduction of the Desktop Share feature. With this update, Copilot can now “see”...

The post Microsoft Copilot Gets “Eyes”: New Desktop Share Feature Analyzes Your Screen in Real-Time appeared first on Penetration Testing Tools.

Attacks targeting outdated SonicWall SMA 100 devices have once again exposed the fragility of network perimeters often overlooked by conventional security systems. According to the Google Threat Intelligence Group (GTIG), a targeted campaign employing...

The post SonicWall SMA 100 Devices Under Persistent Attack: UNC6148 Deploys Stealthy OVERSTEP Rootkit appeared first on Penetration Testing Tools.

The latest iteration of the Matanbuchus malware loader, designated version 3.0, has drawn particular scrutiny from cybersecurity experts due to its significant enhancements aimed at evading detection and bypassing modern defensive systems. Originally introduced...

The post Matanbuchus 3.0: The Evolved Malware-as-a-Service Evading Detection & Exploiting Microsoft Teams appeared first on Penetration Testing Tools.

A newly discovered vulnerability in Windows Server 2025—dubbed Golden dMSA—poses a grave risk of widespread compromise across entire Active Directory infrastructures, according to a technical report published by enterprise cybersecurity firm Semperis. The issue...

The post Golden dMSA: Critical Windows Server 2025 Flaw Allows Full Active Directory Takeover appeared first on Penetration Testing Tools.

A recent data breach has exposed a critical vulnerability in the systems of Paradox.ai, the developer behind AI-powered chatbots used in recruitment processes at McDonald’s and other Fortune 500 corporations. The cause of this...

The post Paradox.ai Data Breach: “123456” Password & Nexus Stealer Expose Fortune 500 Clients appeared first on Penetration Testing Tools.

lockc lockc is open source software for providing MAC (Mandatory Access Control) type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated...

The post lockc: Making containers more secure with eBPF and Linux Security Modules appeared first on Penetration Testing Tools.

During the Pwn2Own Berlin 2025 competition, security researcher Manfred Paul successfully demonstrated an attack against the Mozilla Firefox browser’s rendering process by exploiting a vulnerability in the IonMonkey JIT compiler. Although he did not...

The post Pwn2Own Berlin: Critical IonMonkey JIT Bug Exposes Firefox to Memory Corruption appeared first on Penetration Testing Tools.

Google has announced the successful discovery of a critical vulnerability in the widely used SQLite database engine—identified and neutralized before it could be exploited in real-world attacks. The flaw was uncovered by Big Sleep,...

The post Google’s Big Sleep AI Foils Zero-Day Exploit in SQLite Before Attackers Strike appeared first on Penetration Testing Tools.

Amid the accelerating tide of digital transformation, Windows Hello for Business (WHfB) continues to be championed by Microsoft as a modern, passwordless solution for enterprise authentication. Yet, beneath this progressive façade lies an architectural...

The post Windows Hello for Business Flaw: Biometric Bypass Exposes Enterprise Authentication appeared first on Penetration Testing Tools.