Aggregator

Currently trending CVE - Hype Score: 11 - NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information ...

Eight European countries have yet to transpose NIS2 into law, exposing them to regulatory action

London, United Kingdom, 11th August 2025, CyberNewsWire

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

A vulnerability was discovered in the online access system for auto dealers of one of the world’s largest car manufacturers—uncovered simply by examining the page’s code. Security researcher Eitan Zwer of Harness reported that...

The post Just Two Flaws in a Car Manufacturer’s Portal Allowed a Researcher to Unlock Cars and Expose Data appeared first on Penetration Testing Tools.

A vulnerability was found in Broadcom Symantec PGP Encryption 11.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-8661. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Broadcom Symantec PGP Encryption 11.0.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-8660. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Google Keras up to 3.10.0 and classified as problematic. This vulnerability affects the function Model.load_model. The manipulation leads to deserialization. This vulnerability was named CVE-2025-8747. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....

The post New ‘Odyssey Stealer’ Malware Hijacks macOS, Steals Crypto with ClickFix appeared first on Penetration Testing Tools.

At DEF CON 33, researchers from SafeBreach unveiled a new attack technique dubbed Win-DDoS, capable of transforming thousands of publicly accessible domain controllers (DCs) worldwide into a powerful botnet for large-scale DDoS attacks. The...

The post New ‘Win-DDoS’ Attack Turns Windows Servers Into a Global Botnet appeared first on Penetration Testing Tools.

Researchers at Eclypsium have uncovered critical vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams that allow them to be transformed into BadUSB-style attack devices. The issue, dubbed BadCam, was presented at...

The post Your Webcam Can Be a Hacker’s Weapon: New ‘BadCam’ Attack Hijacks Lenovo Devices appeared first on Penetration Testing Tools.

Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying. Researchers Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan and Kai-Ching ‘Keniver’ Wang of CHT Security, found that vulnerabilities in smart bus systems could let hackers remotely track, control, or spy on vehicles, exposing risks from […]

Министерство предлагает новый формат SIM-карт для детей.

Linus Torvalds delivered a sharp rebuke to the initial batch of RISC-V patches proposed for inclusion in Linux 6.17, citing both their untimely submission and the presence of what he called “garbage” changes unrelated...

The post Linus Torvalds Rejects ‘Garbage’ RISC-V Code, Delays It for Linux 6.17 appeared first on Penetration Testing Tools.

After more than two years of development, the Debian Project has unveiled a new stable release of its operating system—Debian 13, codenamed trixie. It will receive updates and security fixes for five years, thanks...

The post Debian 13 ‘trixie’ Is Here: What’s New in the Universal Operating System appeared first on Penetration Testing Tools.

In 2024, Americans over the age of 60 lost an astronomical $700 million to online fraud—a record high in the entire history of monitoring by the U.S. Federal Trade Commission (FTC). The latest Consumer...

The post Record-Breaking Fraud: Older Americans Lost $700 Million to Scams in 2024 appeared first on Penetration Testing Tools.

After Grok-4 was compromised in just two days, GPT-5 fell within a mere 24 hours to the same group of researchers. Almost simultaneously, the SPLX testing team (formerly SplxAI) declared: “Out-of-the-box GPT-5 is practically...

The post GPT-5 Hacked in 24 Hours: Researchers Expose Critical Flaws in OpenAI’s New Model appeared first on Penetration Testing Tools.

A recently patched vulnerability in WinRAR, identified as CVE-2025-8088, was exploited in targeted phishing attacks even before a fix became available. The flaw, classified as a Directory Traversal vulnerability and addressed only in WinRAR...

The post Hackers Exploited a New WinRAR Flaw Before It Was Patched appeared first on Penetration Testing Tools.