Daily Live Feed

The technical details and proof-of-concept (PoC) code are now available for a high-severity vulnerability (CVE-2024-21006) in the Oracle WebLogic Server that allows remote attackers to compromise the Oracle WebLogic Server. With a CVSS score... The post PoC Releases for CVE-2024-21006: Hackers Can Take Over Oracle WebLogic Server appeared first on… Read more »

A security vulnerability has been discovered in Yoast SEO, the most popular search engine optimization plugin for WordPress, affecting over 5 million active installations worldwide. Identified as CVE-2024-4041 with a Common Vulnerability Scoring System... The post CVE-2024-4041: Security Flaw Found in Popular Yoast SEO Plugin – Update Immediately! appeared first… Read more »

The very backbone of Virtual Private Networks (VPNs), praised for their ability to secure online activities, is under scrutiny following a breakthrough discovery by Dani Cronce and Lizzie Moratti from Leviathan Security Group. Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on… Read more »

Security researchers at Zscaler’s ThreatLabz have uncovered significant updates to the HijackLoader malware, making it far more stealthy and dangerous. These new capabilities are designed to evade detection by antivirus and security software, allowing... The post Updated HijackLoader Malware Evades Detection, Delivers Potent Payload appeared first on Penetration Testing. Read more »

A bespoke backdoor known as Kapeka (also dubbed KnuckleTouch) has been spotlighted for its sophisticated capabilities and implications in geopolitical cyber conflicts. First detected in mid-2022 and formally tracked by 2024, Kapeka’s emergence aligns... The post Russia-Linked Sandstorm Group Deploys New Kapeka Backdoor in Eastern Europe appeared first on Penetration… Read more »

Trend Micro, a leading provider of cybersecurity solutions, has released an important update for its Antivirus One software, targeting a critical vulnerability that could have allowed attackers to inject malicious code. The issue tracked... The post CVE-2024-34456: Trend Micro Patches Code Injection Vulnerability in Antivirus One appeared first on Penetration… Read more »

QCSuper QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things. It will allow you to generate PCAP captures of it using either... The post QCSuper: capture raw 2G/3G/4G/ 5G radio frames appeared first on Penetration Testing. Read more »

A critical flaw has been uncovered in Tinyproxy, a lightweight HTTP/S proxy favored by individual hobbyists, small businesses, and public Wi-Fi providers for its simplicity and effectiveness. The vulnerability, identified as CVE-2023-49606, poses a... The post CVE-2023-49606 (CVSS 9.8): Tinyproxy Zero-Day Threatens Thousands appeared first on Penetration Testing. Read more »

In the continually evolving landscape of cyber threats, Mac users are facing renewed challenges from an insidious form of malware known as the Atomic Stealer, or AMOS. Originally identified in various stages throughout 2023... The post Atomic Stealer Malware Returns in New Disguises, Targets Mac Users’ Sensitive Data appeared first… Read more »

Cybersecurity researchers have recently disclosed two significant security vulnerabilities in the Linksys E5600 router, both of which could allow attackers to perform command injections. These findings, identified by the CoreSecurity OT/ICS Research Team, are... The post Linksys Router Flaws Exposed, Poc Published, Patch Unavailable! appeared first on Penetration Testing. Read more »