Aggregator

Submit #645006 / VDB-325003

A vulnerability was found in Apache Linkis up to 1.7.0 and classified as problematic. Impacted is the function org.apache.linkis.metadata.util.HiveUtils.decode. Executing manipulation can lead to sensitive information in log files. This vulnerability is registered as CVE-2025-59355. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

Leveraging on LLM’s abilities to mimic cognitive human agents, WAFSmith aims to reduce the friction of WAF rule

The post WAFSmith: A New Open-Source Tool Uses LLMs to Revolutionize WAF Management appeared first on Penetration Testing Tools.

Tigera announced a new solution to secure AI workloads running in Kubernetes clusters. Due to the resource-intensive and bursty nature of AI workloads, Kubernetes has become the de facto orchestrator for deploying them. However AI workloads introduce security challenges, throughout the data ingestion and preparation, model training, and deployment stages. Calico is purpose-built to protect mission-critical AI workloads at every stage. The platform provides a set of features enabling organizations to scale their AI initiatives … More →

The post New Tigera solution protects AI workloads from data ingestion to deployment appeared first on Help Net Security.

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely

京东卡上线通知KB拓展新姿势TIME 2025.09.22 15:00各位白帽子请注意！

分享一篇文章。

2025年9月18日，深瞳漏洞实验室监测到一则谷歌-Chrome组件存在类型混淆漏洞的信息，漏洞编号：CVE-2025-10585，漏洞威胁等级：高危。

Подробности нового распоряжения и как оно ударит по рынку ИИ.

The world’s leading artificial intelligence firms, OpenAI and Anthropic, have disclosed that over the past year they collaborated

The post Top AI Firms Expose Flaws in Models to Government Researchers appeared first on Penetration Testing Tools.

A newly discovered video injection tool for iOS devices that have been jailbroken poses a serious threat to modern digital identity verification. Developed to run on iOS 15 or later, this highly specialized toolkit can circumvent weak biometric checks and even exploit services lacking any biometric safeguards. Its emergence marks a troubling shift toward automated, […]

The post New iOS Video Injection Tool Bypasses Biometric Locks on Jailbroken iPhones appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of

The post Critical Flaw Discovered in TP-Link Routers appeared first on Penetration Testing Tools.

Remote Monitoring and Management tools such as ConnectWise ScreenConnect have earned a reputation for simplifying IT administration, but they have also drawn the attention of sophisticated attackers. By abusing ScreenConnect’s trusted installation footprint and deep system privileges, adversaries are now trojanizing installers to deploy dual Remote Access Trojans (RATs)—AsyncRAT and a custom PowerShell RAT—against U.S. […]

The post Weaponized ScreenConnect App Spreads AsyncRAT and PowerShell RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Jaguar Land Rover has found itself mired in a protracted crisis following a recent cyberattack that crippled both

The post Jaguar Land Rover Cyberattack: Third Week of Disruption, £50M in Losses appeared first on Penetration Testing Tools.

Astra Security has launched its API Security Platform, designed to identify undocumented, zombie, and shadow APIs that threaten infrastructure and expose sensitive PII. Instead of relying on reactive, siloed detection tools, Astra’s platform delivers proactive, automated protection against attackers exploiting APIs to compromise systems. Most businesses lack API inventory, and developers rarely run active security tests on the APIs they build. Astra API Security Platform solves for both, providing visibility into APIs that a company … More →

The post Astra API Security Platform secures undocumented and vulnerable APIs appeared first on Help Net Security.

Experts from Zscaler ThreatLabz have uncovered two malicious packages in the PyPI repository that, upon installation and import,

The post New Python Trojan “SilentSync” Found on PyPI appeared first on Penetration Testing Tools.

An independent researcher named Andreas, author of the blog Anagogistis, has uncovered severe vulnerabilities in the Linux clients

The post PureVPN’s Linux Clients Expose IPv6 Addresses & Disable Firewalls appeared first on Penetration Testing Tools.

CISO 和安全领导者可能会因为一系列原本可以避免的错误，影响自己的职业发展。

Proofpoint has published an analysis detailing a series of targeted phishing campaigns attributed to a group linked to

The post TA415 Espionage: New Chinese Cyber Attacks Target U.S. Officials appeared first on Penetration Testing Tools.