Apache Tomcat webshell application for RCE: A webshell application and interactive shell for pentesting Apache Tomcat servers. Features: Webshell plugin for Apache Tomcat. Execute system commands via an API with ?action=exec. Download files from the...
Gallia: Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars, with the main...
At first glance, it appeared to be a typical browser extension — a sleek interface, a simple and intuitive color-picking function, high user ratings, and hundreds of glowing reviews. Yet behind this seemingly benign...
Parrot Security OS 6.4 has been officially released, marking the final iteration of the sixth generation of this cybersecurity-focused Linux distribution. The development team has refreshed core components, introduced new tools, and begun preparations...
As electric vehicles steadily weave themselves into the fabric of everyday life, the essential infrastructure that powers them—charging stations—faces a mounting and deeply concerning threat. A study by security researcher Brandon Perry reveals that...
On the second Tuesday of July, Microsoft released its customary Patch Tuesday update package, addressing 137 vulnerabilities across a range of the company’s products. Among them, a particularly notable zero-day vulnerability in Microsoft SQL...
As of July 7, Android users began encountering an unexpected expansion in the capabilities of Gemini, the system-integrated artificial intelligence. It now has access to widely used apps such as WhatsApp, Messages, and Phone—even...
According to a report by Morphisec, the Iranian threat group Pay2Key.I2P has intensified its operations amid escalating tensions in the Middle East. The group is now offering larger payouts to hacker affiliates who participate...
BaitTrap is a large-scale campaign designed to deceive users through counterfeit news websites, spanning over 50 countries and fueling a surge in online investment fraud. Identified by CTM360, these deceptive domains—referred to as BNS...
After 13 months of development, the stable release of Wayland 1.24 has been officially published—a protocol for interprocess communication and a suite of libraries powering modern graphical environments in Linux. This new version maintains...
Malicious software has once again surfaced on the official Google Play Store, masquerading as an innocuous utility. This time, the campaign targeted North America, where the Android banking trojan known as Anatsa—also referred to...
Version 2025.07 of U-Boot—the open-source bootloader widely used in embedded systems across diverse architectures—has been officially released. This update introduces support for new platforms and, notably, adds compatibility with the exFAT file system. Among...
Researchers from Intel, Idaho State University, and the University of Illinois at Urbana-Champaign have unveiled a novel method for compromising language models—one capable of circumventing even the most advanced safety mechanisms. Their technique, dubbed...
There is something expressive and communicative about a cleverly made GIF. Whether it’s a humorous reaction, a dramatic scene, or a bizarre animation loop, GIFs are an online lingua franca! But as much fun...
Malicious actors are increasingly leveraging digitally signed drivers to carry out stealthy attacks on the Windows kernel, circumventing standard security mechanisms and enhancing their ability to remain undetected. Despite the presence of safeguards such...
The hacker collective known as DragonForce, responsible for a series of high-profile cyberattacks targeting British retail giants such as Marks & Spencer, Harrods, and Co-Op, has now ignited an all-out confrontation with the rival...