Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities faster and with greater confidence - whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure.
With comprehensive coverage across network, web, API, and cloud assets, and built-in exploit validation, it turns every scan into credible, actionable insight.
Trusted by over 2,000 teams in 119 countries and used in more than 6 million scans annually, it delivers speed, clarity, and control - without bloated stacks or rigid workflows.
Pentest-Tools
This post works well for a YouTube Community Tab update or a video description. It maintains an active voice and a direct, technical headline.
We Found a New cPanel RCE! 🔧 (CVE-2025-63261)
Talk about a broken pipe...
Our research team at Pentest-Tools.com discovered a critical vulnerability in AWStats that impacts cPanel installations (CVE-2025-63261 or PTT-2025-021).
We identified a classic Unsafe Perl Open flaw in the code. The application fails to sanitize input before passing it to the open() function. If you send a well-placed pipe | character, Perl stops reading files and starts executing commands instead.
It turns out this legacy code wasn't just analyzing logs—it was waiting for instructions.
In Part 1 of our research series, we map out the discovery process and explain why these legacy bug classes still matter in 2026. We show you exactly how we turned a single character into a shell without requiring any actual plumbing.
Special thanks to Matei Badanoiu for this research!
Read the full technical write-up here: pentest-tools.com/blog/cpanel-cve-ptt-2025-021-par…
#PentestTools #CyberSecurity #InfoSec #cPanel #RCE #VulnerabilityResearch
2 days ago | [YT] | 0
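The two-argument `open()` behaviour described in the cPanel/AWStats post above, shown beside the hardened three-argument form. This is an added Perl example, not part of the original post and not AWStats or cPanel code: the helper names, the scratch log file and the harmless `echo` value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample data: one log file in a scratch directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/access.log") or die "setup failed: $!";
print {$out} "constructed log line\n";
close($out);

# Unsafe pattern (hypothetical helper): two-argument open().
# Perl takes the mode from the string itself, so a value that ends in "|"
# is run as a command and its output is read back as if it were the file.
sub read_two_arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!\n";
    local $/;                       # slurp the whole handle
    my $data = <$fh>;
    close($fh);
    return defined $data ? $data : '';
}

# Hardened pattern (hypothetical helper): validate the name against an
# allowlist, then use three-argument open() with an explicit "<" mode so
# the string can only ever be treated as a path.
sub read_three_arg {
    my ($base, $name) = @_;
    return "rejected: not a plain file name\n"
        unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/;
    open(my $fh, '<', "$base/$name") or return "open failed: $!\n";
    local $/;
    my $data = <$fh>;
    close($fh);
    return defined $data ? $data : '';
}

# Constructed input: a harmless command followed by the pipe character.
my $piped = 'echo constructed-marker |';

print "two-arg,   plain name:  ", read_two_arg("$dir/access.log");
print "two-arg,   piped value: ", read_two_arg($piped);
print "three-arg, plain name:  ", read_three_arg($dir, 'access.log');
print "three-arg, piped value: ", read_three_arg($dir, $piped);
```

When auditing legacy Perl, any `open()` call with two arguments and a variable in the second position is worth reviewing for this pattern.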
Pentest-Tools
The first week of 2026 is almost in the books. 🗓️
We know that last year was about tightening processes and clearing noise. But as you look at your schedule for the year ahead, where do you want to gain the most time back?
If you could automate one "time thief" out of existence this year, which one gets the axe? 🪓
Vote below 👇
3 days ago | [YT] | 0
Pentest-Tools
The holidays are over. The vulnerabilities aren't.
It’s January 5th. You are back at the desk. Is your perimeter the same as you left it?
Most security teams spend the first week of the year digging through a backlog of unverified alerts. Don't do that.
Use Vulnerability Monitoring in Pentest-Tools.com to establish a clean baseline for 2026.
Instead of running manual checks, configure the Network Vulnerability Scanner to run recurring scans. The system compares the new results against the previous state and notifies you only when there is a difference, like:
A new open port
A changed service version
A regression in a previously patched vulnerability
You get a clean difference report, not a list of repetitive findings. Start the year with clarity, not noise.
👇 Start monitoring here: pentest-tools.com/network-vulnerability-scanning/n…
6 days ago | [YT] | 0
Pentest-Tools
🫤 We know the *last* thing you want to deal with on Dec 31st is a new vulnerability. But #MongoBleed (CVE-2025-14847) isn't waiting for the ball to drop.
Our team already updated the Pentest-Tools.com Network Scanner to detect this information disclosure flaw that's currently letting unauthenticated attackers leak MongoDB server info.
Whether you’re on-call or just checking in, we’ve made it fast to see if your servers are at risk. 🎯 Scan your IPs for CVE-2025-14847, patch it fast, and have a safe New Year.
Details and detection here: 👉 pentest-tools.com/vulnerabilities-exploits/mongodb…
1 week ago | [YT] | 2
Pentest-Tools
What changed between 2024 and 2025?
Not just how much security work you tackled - but *how* you tackled it.
In 2025, you didn’t just run more scans.
💪 You tightened your process.
💪 You cleared the noise.
💪 You stopped chasing and started proving.
Across 6.3+ million scans, 1.2 million API calls, and 611k pentest robot runs, you made these things happen:
→ Validated findings instead of unconfirmed alerts
→ Clear reports that backed your results with real proof
→ Smoother collaboration across teams and clients
We looked at what security teams like yours accomplished last year — and it’s worth seeing!
📊 Dive into our 2025 Year in Review: 👉 pentest-tools.com/blog/year-in-review-2025
#penetrationtesting #ethicalhacking #infosecurity
1 week ago | [YT] | 0
Pentest-Tools
It’s wild that 170,000+ of you have (and use!) a free Pentest-Tools.com account 💥
Compared to the millions who use our free tools without one, you’ve run 3× more scans and that’s probably because you can:
✅ run up to 2 parallel scans
✅ have up to 100 queued scans
✅ schedule up to 25 scans
✅ monitor assets
✅ get notifications via email
✅ and save your scan results for up to 90 days
That’s a Santa-tier bundle 🎅
No wonder you’ve enjoyed these top 5 tools the most. Just look at the numbers:
1. Website Scanner - 792,298 scans
2. Port Scanner - 726,451 scans
3. Network Scanner - 722,862 scans
4. Subdomain Finder - 528,843 scans
5. URL Fuzzer - 167,952 scans
So now we're curious. Which of these tools do you start with most often?
For those who asked, here's where you'll find the tools mentioned above: pentest-tools.com/usage/pricing/free
2 weeks ago (edited) | [YT] | 2
Pentest-Tools
Here is the post draft for YouTube Community. It leverages the platform's text formatting capabilities (bolding) and structure to grab attention before the "Read more" fold.
Status Update:
🚨 Active exploitation confirmed: CVE-2025-11953
It’s no longer theoretical. VulnCheck is reporting active exploitation attempts in the wild against React Native Metro servers. 📉
If your developers run this tool locally (or in CI/CD), you might be exposing a critical RCE to the entire internet.
⚠️ The Reality Check
The server binds to 0.0.0.0 by default. While this exposes the interface generally, the current RCE exploit specifically targets Windows environments. 🪟
Validate your exposure immediately
We have updated Pentest-Tools.com to help you detect and prove this risk:
📡 Network Scanner: Find exposed servers on your perimeter.
🎯 Sniper Auto-Exploiter: Safely prove the RCE exists (on Windows) to confirm the risk is real.
🛠️ The Fix: Update @react-native-community/cli-server-api to v20.0.0+ or bind explicitly to 127.0.0.1.
Validate your risk here: pentest-tools.com/vulnerabilities-exploits/react-n…
#offensivesecurity #ethicalhacking #infosec #cybersecurity #redteam
2 weeks ago | [YT] | 3
Pentest-Tools
End of year rush? 📉
We have some good news to help you close out the budget season: Pentest-Tools.com is available in the AWS Marketplace.
This means you can now get our new & improved plans using your existing AWS cloud budget—keeping procurement simple and approvals fast.
Whether you need to lock in your 2026 tooling or just want to consolidate billing, you can now access our full offensive security suite directly through your AWS account.
Simplify your procurement process and get the validation capabilities you need.
👇 Check out the listing here: aws.amazon.com/marketplace/pp/prodview-hbngy6inrni…
3 weeks ago | [YT] | 0
Pentest-Tools
Can machine learning make offensive security smarter or is it just security theater?
We asked seasoned pentesters, red teamers, and builders of offensive tools to share where ML helps—and where it falls flat.
The takeaway? Machine learning isn't magic, but when used wisely, it can sharpen your offensive edge.
Read the full expert roundup here: pentest-tools.com/blog/what-the-experts-say-machin…
#offensivesecurity #securitycompliance #machinelearning
3 weeks ago | [YT] | 1
Pentest-Tools
Let’s be honest: in #offensivesecurity, the calendar plan never survives first contact with the terminal.
But if you audit your own year, where did you invest the majority of your energy?
We’re curious about the split between the "necessary grind" and the work that actually brings you satisfaction.
#infosec #pentesting #cybersecurity #2025wrapped #ethicalhacking
Vote below 👇
3 weeks ago | [YT] | 0