Aggregator

Patch Tuesday — когда у Windows день стирки, а белья слишком много.

The North Korean cyber-espionage group Kimsuky has unexpectedly found itself in the role of victim after two hackers — identifying themselves as the “antithesis of Kimsuky’s values” — infiltrated its infrastructure and released stolen...

The post Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group appeared first on Penetration Testing Tools.

The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...

The post WinRAR Zero-Day (CVE-2025-8088) Exploited by RomCom Hackers, ESET Warns appeared first on Penetration Testing Tools.

Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...

The post Critical Erlang/OTP Flaw (CVE-2025-32433) Actively Exploited, Poses Major Threat to Industrial Networks appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in Advanced File Manager Plugin on WordPress. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-0818. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in File Manager Plugin on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-0818. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in File Manager Pro Plugin on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-0818. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Easy Restaurant Menu Manager Plugin up to 2.0.2 on WordPress and classified as problematic. Affected by this issue is the function nsc_eprm_save_menu. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-8491. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-8760. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as critical. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. This vulnerability was named CVE-2025-8761. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124 and classified as problematic. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. The identification of this vulnerability is CVE-2025-8762. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.

Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...

The post Phishing to PowerShell RAT: New Fileless Attack Targets Israeli Critical Infrastructure appeared first on Penetration Testing Tools.

Pavel Durov announced that over the past 20 days, Telegram has received hundreds of reports from users about cases of extortion and doxxing. Based on these complaints, the platform initiated a large-scale purge of...

The post Telegram Fights Back: Platform Purges Channels Used for Extortion and Doxxing appeared first on Penetration Testing Tools.

美国政府将关闭更多气象卫星。NOAA-15原定于8月12日退役，因NOAA-19故障推迟至8月18日。Gabe尝试最后一次接收信号并成功。

Automation of IT infrastructure management through artificial intelligence, as revealed in a recent study by RSAC Labs and George Mason University, may carry substantial risks. The researchers found that AIOps solutions—systems leveraging models akin...

The post AIOps Under Threat: Researchers Demonstrate How to Poison AI to Hack IT Infrastructure appeared first on Penetration Testing Tools.

No AI product in history has stirred such a tidal wave of anticipation as OpenAI’s long-awaited GPT-5. Yet, following its high-profile launch last week, the model swiftly found itself under fire—a troubling omen for...

The post GPT-5 Under Fire: OpenAI’s Latest Model Faces Backlash and “Jailbreak” Flaws appeared first on Penetration Testing Tools.

微软推出轻量级配套应用（联系人、日历、文件搜索），专为Microsoft 365商业版和企业版用户设计，固定于任务栏以提升工作效率。

Ashlar-Vellumが提供する複数の製品には、複数の脆弱性が存在します。

Johnson Controlsが提供する複数の製品には、複数の脆弱性が存在します。