New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability CVE-2025-2783 and COM hijacking for persistence, confirming the continued deployment o...

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,...

EUVD-2018-9800

Malware in sbrugna...

Learning Cybersecurity Vs. Ethical Hacking: A Comparative Pathway for Aspiring Students

This paper explores the distinctions and connections between cybersecurity and ethical hacking, two vital disciplines in the protection of digital systems. It defines each field, outlines their goals and methodologies, and compares the academic and professional paths available to aspiring student...

EUVD-2025-12536

Malicious code in bioql PyPI...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

🛡️ pwnkit-helper - Elevate Your Hacking Skills Safely !Down...

Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition

Wiz and the leading CSPs are launching one of the largest hacking competitions ever to secure the open-source software powering the cloud ecosystem...

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider , a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and...

A week in security (September 15 – September 21)

Last week on Malwarebytes Labs: ChatGPT Deep Research zero-click vulnerability fixed by OpenAI Disrupted phishing service was after Microsoft 365 credentials Update your Chrome today: Google patches 4 vulnerabilities including one zero-day Age verification and parental controls coming to ChatGPT ...

MSc-Cybersecurity-Capstone-Android-Exploitation

MSc Cybersecurity Capstone Project Title: Android Exploit...

SCANNER-INURLBR

This is an offensive tool for web application vulnerability scanning. The tool, INURLBR, is designed to perform advanced searches in search engines to exploit GET/POST capturing emails and URLs, with an internal custom validation junction for each target/URL found. It is written in PHP and can ru...

pentestdb

This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...

pagodo

This is an offensive tool for web application discovery. The primary CVE ID is not present in the provided context. The target product/service or framework is Google Search, and the vulnerability class/vector is not explicitly stated. The probable entry points are scripts/modules such as...

hackingtool-v5.1

All in One Hacking tool For Hackers🥇 !https://img.shields...

Breaking Android with AI: a Deep Dive into LLM-Powered Exploitation

The rapid evolution of Artificial Intelligence AI and Large Language Models LLMs has opened up new opportunities in the area of cybersecurity, especially in the exploitation automation landscape and penetration testing. This study explores Android penetration testing automation using LLM-based...

Subverting AIOps Systems Through Poisoned Input Data

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out...

Nigerian man extradited from France to US over hacking and fraud allegations

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…...

Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potenti...

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon aka Hafnium have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools...

Aeroflot Hacked

Looks serious...