Top 50 Best Penetration Testing Companies in 2026
Penetration testing companies serve as vital cybersecurity allies, simulating real-world cyberattacks to expose vulnerabilities in systems, networks, and applications before malicious actors strike. Employing ethical hackers with advanced techniques, they rigorously assess defenses, pinpoint misconfigurations, and evaluate control effectiveness to ensure regulatory compliance and threat resilience. Their detailed reports deliver actionable recommendations that fortify security […]
The post https://cybersecuritynews.com/penetration-testing-companies/
.
https://cybersecuritynews.com/penetration-testing-companies/
ownCloud Urges Users to Enable Multi-Factor Authentication Following Credential Theft
ownCloud has urgently urged users of its Community Edition to enable multi-factor authentication (MFA). Threat intelligence report from Hudson Rock highlighted incidents where attackers compromised self-hosted file-sharing platforms, including some ownCloud deployments, but ownCloud stresses that its platform itself remains unbreached. Hudson Rock’s analysis revealed no zero-day exploits or vulnerabilities in ownCloud’s architecture. Instead, threat […]
The post https://cybersecuritynews.com/owncloud-urges-mfa/
.
TOTOLINK EX200 Extender Vulnerability Allow Attacker to Gain Full System Access
A severe vulnerability in the TOTOLINK EX200 Wi-Fi extender could allow attackers to gain full system access via an unauthenticated telnet root service, researchers warned. The flaw, tracked as CVE-2025-65606 and assigned CERT Vulnerability Note VU#295169, affects the firmware upload error-handling logic in the End-of-Life TOTOLINK EX200 extender. When processing malformed firmware files, the device inadvertently enables […]
The post https://cybersecuritynews.com/totolink-ex200-extender-vulnerability/
.
https://cybersecuritynews.com/totolink-ex200-extender-vulnerability/
Sedgwick confirms Data Breach Following TridentLocker Ransomware Gang Claim
Sedgwick has confirmed a cybersecurity incident at its government-focused subsidiary after the TridentLocker ransomware gang claimed responsibility for stealing 3.4 gigabytes of data. The breach highlights ongoing risks to federal contractors handling sensitive U.S. agency data. Claims administration giant Sedgwick acknowledged on January 4, 2026, that Sedgwick Government Solutions (SGS) experienced unauthorized access to an […]
The post https://cybersecuritynews.com/sedgwick-confirms-data-breach/
.
https://cybersecuritynews.com/sedgwick-confirms-data-breach/
Stealthy Tuoni C2 Malware Targets Major U.S. Real Estate Firm with AI-Enhanced Tactics
Cybercriminals have shifted their approach to infiltration. Rather than launching quick attacks, they now work silently within networks, stealing important information, and waiting weeks or months before striking. This is exactly what happened in a recent attack discovered by Morphisec Threat Labs targeting a major U.S. real estate company. This was not a common phishing […]
The post https://cybersecuritynews.com/stealthy-tuoni-c2-malware-targets-major-u-s-real-estate-firm/
.
https://cybersecuritynews.com/stealthy-tuoni-c2-malware-targets-major-u-s-real-estate-firm/
Threat Actor Exploited Multiple FortiWeb Appliances to Deploy Sliver C2 for Persistent Access
Recent findings indicate that a sophisticated threat actor is actively exploiting multiple outdated FortiWeb appliances to deploy the Sliver Command and Control (C2) framework. This campaign highlights a concerning trend where adversaries leverage open-source offensive tools to maintain persistent access within compromised networks, often bypassing traditional security defenses. The attackers appear to prioritize unpatched edge […]
The post https://cybersecuritynews.com/threat-actor-exploited-fortiweb-appliances-to-deploy-sliver-c2/
.
https://cybersecuritynews.com/threat-actor-exploited-fortiweb-appliances-to-deploy-sliver-c2/
Hackers Abusing Google Tasks Notification for Sophisticated Phishing Attack
Hackers have launched a sophisticated phishing campaign exploiting Google Tasks notifications to target over 3,000 organizations worldwide, primarily in the manufacturing sector. The December 2025 attacks signal a dangerous shift in email-based threats, in which attackers abuse legitimate Google infrastructure rather than spoofing domains or forging email headers. The phishing emails originated from a legitimate […]
The post https://cybersecuritynews.com/google-tasks-abused/
.
RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware
A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to compromising enterprise infrastructure. The malware operates through a multi-stage infection […]
The post https://cybersecuritynews.com/rondodox-botnet-weaponizing-a-critical-react2shell/
.
https://cybersecuritynews.com/rondodox-botnet-weaponizing-a-critical-react2shell/