Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
https://infosecwriteups.com/bug-bounty-from-scratch-everything-you-need-to-know-about-bug-bounty-7188d57d36f2?source=rss----7b722bfd1b8d---4
Medium
Free Article Link
How a Tiny Script Can Hijack Your Site: The Hidden Dangers of XSS
https://infosecwriteups.com/how-a-tiny-script-can-hijack-your-site-the-hidden-dangers-of-xss-0df74dd6444f?source=rss----7b722bfd1b8d---4
Medium
A practical and beginner-friendly deep dive into Cross-Site Scripting (XSS) attacks and how to prevent them
Meta Acquires PlayAI: Voice AI Startup Joins Superintelligence Push, Boosting Conversational Tech
https://securityonline.info/meta-acquires-playai-voice-ai-startup-joins-superintelligence-push-boosting-conversational-tech/
Daily CyberSecurity
Meta has finalized its acquisition of voice AI startup PlayAI, integrating its team to enhance Meta AI, virtual characters, and voice tech for smart glasses, boosting its "AI Superintelligence" initiative.
1Password Free Family Plan: How to Keep Getting 1 Year of Free Premium Access
https://securityonline.info/1password-free-family-plan-how-to-keep-getting-1-year-of-free-premium-access/
Daily CyberSecurity
1Password offers a recurring free one-year Family Plan. Learn how to circumvent the expiration by exporting/importing data to a new account, extending free premium access.
Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION
https://securityaffairs.com/179847/breaking-news/security-affairs-newsletter-round-532-by-pierluigi-paganini-international-edition.html
Security Affairs
A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box
Fortinet FortiWeb Fabric Connector Flaw Enables Remote Code Execution
https://gbhackers.com/fortinet-fortiweb-fabric-connector-flaw/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Security researchers have identified a severe pre-authentication SQL injection vulnerability in Fortinet's FortiWeb Fabric Connector.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53
https://securityaffairs.com/179854/breaking-news/security-affairs-malware-newsletter-round-52-2.html
Security Affairs
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches
https://cybersecuritynews.com/weekly-cybersecurity-roundup/
Cyber Security News
In today's rapidly evolving digital landscape, the frequency and complexity of cyberattacks are increasing, making it crucial to stay informed about emerging threats.
Wing FTP Server flaw actively exploited shortly after technical details were made public
https://securityaffairs.com/179861/hacking/wing-ftp-server-flaw-actively-exploited-shortly-after-technical-details-were-made-public.html
Security Affairs
Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30.
Google Gemini flaw hijacks email summaries for phishing
https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/
BleepingComputer
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
Windows 10 KB5062554 update breaks emoji panel search feature
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5062554-update-breaks-emoji-panel-search-feature/
BleepingComputer
The search feature for the Windows 10 emoji panel is broken after installing the KB5062554 cumulative update released Tuesday, making it not possible to look up emojis by name or keyword.
Fake Free VPN & Minecraft Mod Repositories Deliver Lumma Stealer
https://securityonline.info/fake-free-vpn-minecraft-mod-repositories-deliver-lumma-stealer/
Daily CyberSecurity
A malicious campaign on GitHub is distributing Lumma Stealer via fake "Free VPN for PC" and "Minecraft Skin Changer" repositories, using obfuscation and process injection for stealthy delivery.
Darktrace Exposes "Fake Startup" Malware Campaign: Lures Crypto Users with AI/Web3 Apps to Steal Wallets
https://securityonline.info/darktrace-exposes-fake-startup-malware-campaign-lures-crypto-users-with-ai-web3-apps-to-steal-wallets/
Daily CyberSecurity
Darktrace uncovers a crypto scam using fake software startups (AI, gaming, Web3 themes) with professional online presences to distribute Electron malware (Windows) and Atomic Stealer (macOS) for crypto theft.
Google Uncovers Massive Phishing Scam Exploiting Booking.com Users
https://securityonline.info/google-uncovers-massive-phishing-scam-exploiting-booking-com-users/
Daily CyberSecurity
Google exposes a vast phishing campaign hijacking Booking.com reservation chats to steal credit card details from travelers, impacting thousands globally since Nov 2023.
WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads
https://securityonline.info/wordpress-supply-chain-attack-gravity-forms-plugin-backdoored-through-official-downloads/
Daily CyberSecurity
A supply chain attack injected backdoor malware into Gravity Forms plugin downloads from the official website. The backdoor allows RCE and creates admin accounts.
CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software
https://securityonline.info/cve-2025-30023-critical-rce-vulnerability-discovered-in-axis-video-management-software/
Daily CyberSecurity
Axis warns of a critical flaw (CVE-2025-30023, CVSS 9.0) in Camera Station Pro/5 and Device Manager, allowing authenticated RCE via protocol deserialization. Update immediately.
SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks
https://securityonline.info/smm-vulnerabilities-in-gigabyte-uefi-firmware-expose-systems-to-stealthy-attacks/
Daily CyberSecurity
CERT/CC warns of critical flaws in Gigabyte UEFI firmware, allowing SMRAM writes and SMM code execution. Patch immediately to prevent firmware implants and Secure Boot bypass.
SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls
https://securityonline.info/slowtempest-advanced-obfuscation-evades-static-analysis-with-cfg-indirect-calls/
Daily CyberSecurity
Unit 42 exposes SLOW#TEMPEST, a new malware variant using advanced CFG obfuscation and indirect function calls to evade static analysis, making it nearly impossible to detect.
RenderShock: New Zero-Click Attack Explores Hidden Vulnerabilities in OS & Enterprise Environments
https://securityonline.info/rendershock-new-zero-click-attack-explores-hidden-vulnerabilities-in-os-enterprise-environments/
Daily CyberSecurity
CYFIRMA unveils RenderShock, a zero-click attack strategy exploiting silent OS background processes like file previews and search indexing to execute malware and steal credentials without user interaction.
CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published
https://securityonline.info/cve-2025-25257-cvss-9-6-pre-auth-sqli-in-fortinet-fortiweb-opens-door-to-rce-poc-published/
Daily CyberSecurity
Fortinet released a critical patch for FortiWeb (CVE-2025-25257). This unauthenticated SQL injection flaw allows remote code execution. PoC Releases!
Elon Musk's AI Empire Boosted: SpaceX Invests $2B in xAI to Accelerate Grok Development & Tesla Integration
https://securityonline.info/elon-musks-ai-empire-boosted-spacex-invests-2b-in-xai-to-accelerate-grok-development-tesla-integration/
Daily CyberSecurity
SpaceX invests $2B in xAI to accelerate Grok AI development and Tesla integration. Grok 4 offers multimodal input/multi-agent support, but faced recent hate speech controversy.