
Latest Hacking News offers the latest hacking news, penetration testing tools and cyber security courses for ethical hackers, penetration testers, IT security experts and essentially anyone interested in the cyber security world.
Two Joomla Extensions Hit by Zero-Day File Upload Attacks Before Patches Landed
CISA added CVE-2026-48939 and CVE-2026-56291 to its Known Exploited Vulnerabilities catalog after automated attackers exploited file upload flaws in iCagenda and Balbooa Forms weeks before either bug had a CVE number. Two Joomla Extensions Hit by Zero-Day File Upload Attacks (…)
11 Old Signed UEFI Shims Just Broke Secure Boot on Millions of PCs
ESET found 11 Microsoft-signed UEFI shims, some over a decade old, that let attackers bypass Secure Boot without a single new exploit. 11 Old Signed UEFI Shims Just Broke Secure Boot on Millions of PCs on Latest Hacking News | Cyber Security News, Hacking Tools and (…)
How the GodDamn Ransomware Driver Bypasses Your EDR
GodDamn ransomware's PoisonX driver is a textbook EDR bypass driver: a Microsoft-signed kernel driver that kills security tools instead of exploiting them. How the GodDamn Ransomware Driver Bypasses Your EDR on Latest Hacking News | Cyber Security News, Hacking Tools and (…)
Kerberoasting Attack Explained Step by Step
A technical walkthrough of the kerberoasting attack: the Kerberos quirk it abuses, RC4 vs AES, and how to detect and fix it in Active Directory. Kerberoasting Attack Explained Step by Step on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing (…)
Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck
Adobe frames the fast exploitation of its ColdFusion vulnerabilities as an attacker speed problem. The real issue is a connector that never should have trusted an unauthenticated request. Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck on Latest Hacking (…)
Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896
A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the first exploitation attempts 13 days after the fix shipped. Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896 on Latest Hacking News | (…)
Inside Android’s New Lockscreen Rate-Limiting Rules
Google has replaced Android's 1,800-guess lockscreen limit with a 20-attempt hard cap. Here is how the new rate limiter works and what it means for anyone testing or managing Android devices. Inside Android's New Lockscreen Rate-Limiting Rules on Latest Hacking News | Cyber (…)
Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk
Toronto, Canada, 6th July 2026, CyberNewswire Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
CSRF Attack Explained: Mechanics, Real Exploits, and How to Test for It
A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the fixes that hold up. CSRF Attack Explained: Mechanics, Real Exploits, and How to Test for It on Latest Hacking News | Cyber Security News, Hacking (…)
Credential Stuffing: A Defender’s Guide to Detecting Automated Login Attacks
Credential stuffing tests stolen password lists against your login form until one matches. Here is how to spot the traffic pattern and layer defences that actually hold. Credential Stuffing: A Defender's Guide to Detecting Automated Login Attacks on Latest Hacking News | (…)