Researchers have reported a sharp surge in credential-stuffing attempts targeting Fortinet devices with SSL VPN enabled. On August 3, 2025, GreyNoise detected a wave of suspicious traffic involving more than 780 distinct IP addresses....
The post A Storm on the Horizon: Fortinet SSL VPNs Hit by Credential-Stuffing Attacks appeared first on Penetration Testing Tools.
Microsoft has announced that in three months, devices running Windows 11 version 23H2 in the Home and Pro editions will cease to receive updates. Support for Enterprise and Education editions will continue until November...
The post Time to Update: Windows 11 23H2 Home and Pro Editions Are Losing Support Soon appeared first on Penetration Testing Tools.
Researchers at ETH Zurich have unveiled a novel attack against AMD’s SEV-SNP hardware isolation mechanism, enabling a hypervisor-level adversary to extract sensitive data from protected virtual machines. Dubbed Heracles, the attack demonstrates how to...
The post Heracles: New Attack Exploits AMD SEV-SNP to Steal Data from Protected VMs appeared first on Penetration Testing Tools.
The hacker groups ShinyHunters and Scattered Spider, once operating independently, now appear to have joined forces in a coordinated campaign to extort data from Salesforce’s corporate clients. As noted by ReliaQuest, ShinyHunters has undergone...
The post The Alliance of Chaos: How ShinyHunters and Scattered Spider Merged to Target Salesforce appeared first on Penetration Testing Tools.
Bitdefender researchers have identified a previously unknown cyber-espionage group, provisionally dubbed Curly COMrades. According to the report, the threat actors are focused on maintaining long-term, covert access to the infrastructure of Georgian governmental and...
The post Curly COMrades: The Stealthy Cyber-Espionage Group You Haven’t Heard Of appeared first on Penetration Testing Tools.
Authorities in Saint Paul, Minnesota, are still grappling with the aftermath of a cyberattack that crippled large portions of the city’s municipal operations. Responsibility for the incident has been claimed by the hacking group...
The post Saint Paul Cyberattack Disrupts City, Interlock Ransomware Group Claims 43GB Data Theft appeared first on Penetration Testing Tools.
U.S. authorities have disclosed the details of a July operation against the BlackSuit ransomware syndicate, a coordinated strike that dismantled the group’s infrastructure and seized its digital assets. On July 24, in an internationally...
The post Law Enforcement Dismantles BlackSuit Ransomware, Seizing Servers and $1M in Crypto appeared first on Penetration Testing Tools.
The North Korean cyber-espionage group Kimsuky has unexpectedly found itself in the role of victim after two hackers — identifying themselves as the “antithesis of Kimsuky’s values” — infiltrated its infrastructure and released stolen...
The post Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group appeared first on Penetration Testing Tools.
The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...
The post WinRAR Zero-Day (CVE-2025-8088) Exploited by RomCom Hackers, ESET Warns appeared first on Penetration Testing Tools.
Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...
The post Critical Erlang/OTP Flaw (CVE-2025-32433) Actively Exploited, Poses Major Threat to Industrial Networks appeared first on Penetration Testing Tools.
Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...
The post Phishing to PowerShell RAT: New Fileless Attack Targets Israeli Critical Infrastructure appeared first on Penetration Testing Tools.
Pavel Durov announced that over the past 20 days, Telegram has received hundreds of reports from users about cases of extortion and doxxing. Based on these complaints, the platform initiated a large-scale purge of...
The post Telegram Fights Back: Platform Purges Channels Used for Extortion and Doxxing appeared first on Penetration Testing Tools.
Automation of IT infrastructure management through artificial intelligence, as revealed in a recent study by RSAC Labs and George Mason University, may carry substantial risks. The researchers found that AIOps solutions—systems leveraging models akin...
The post AIOps Under Threat: Researchers Demonstrate How to Poison AI to Hack IT Infrastructure appeared first on Penetration Testing Tools.
No AI product in history has stirred such a tidal wave of anticipation as OpenAI’s long-awaited GPT-5. Yet, following its high-profile launch last week, the model swiftly found itself under fire—a troubling omen for...
The post GPT-5 Under Fire: OpenAI’s Latest Model Faces Backlash and “Jailbreak” Flaws appeared first on Penetration Testing Tools.
Since its emergence in the spring of 2024, the ransomware-as-a-service (RaaS) group Embargo has rapidly secured a prominent position in the cybercriminal landscape. According to TRM Labs, wallets linked to the operation may have...
The post Embargo Ransomware Emerges as a Major Threat, Raking in Over $34M in Ransoms appeared first on Penetration Testing Tools.
A hidden system prompt for GPT-5 has surfaced online, published on GitHub. This set of internal rules defines what ChatGPT may and may not do, which types of data it can retain, and which...
The post GPT-5’s Leaked System Prompt Reveals Strict New Privacy Rules appeared first on Penetration Testing Tools.
A wave of SMS fraud sweeping across the United States and beyond has entered a new and more insidious phase. Behind seemingly mundane yet convincing messages about unpaid fines or failed deliveries lies a...
The post Magic Mouse: The Evolution of a Global SMS Phishing Epidemic appeared first on Penetration Testing Tools.
The Debian GNU/Hurd development team has announced the release of version 2025. While not an official release of the core Debian distribution, it marks the official publication of the GNU/Hurd port, synchronized with the...
The post Debian GNU/Hurd 2025 Is Here with Full 64-Bit Support After 2 Years appeared first on Penetration Testing Tools.
Security experts at SafeBreach have disclosed the details of a vulnerability in the Windows Remote Procedure Call (RPC) protocol, patched by Microsoft in the July 2025 security update. Tracked as CVE-2025-49760 with a CVSS...
The post our Windows System Is Not Safe: New ‘EPM Poisoning’ Attack Hijacks RPC Protocol appeared first on Penetration Testing Tools.
Although former design chief Jony Ive has long since departed from Apple, his visionary “single block of glass” iPhone concept still appears to guide the company’s long-term design philosophy. Recently, a newly filed Apple...
The post Apple Patent Reveals a ‘Six-Sided Glass’ iPhone Concept appeared first on Penetration Testing Tools.
