Cyber: Hackers Exploit Security Testing Apps To Breach Fortune 500 Firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors.
An investigation from automated penetration testing company Pentera found evidence that hackers are leveraging this attack vector to compromise systems and deploy crypto miners, plant webshells, or pivot to sensitive systems.
The testing web apps are intentionally vulnerable and represent a serious compromise risk when exposed on the public internet and executed from a privileged cloud account.
Pentera researchers found 1,926 live, vulnerable applications exposed on the public web, often linked to overly privileged IAM (Identity and Access Management) roles and deployed on AWS, GCP, and Azure cloud environments.
According to Pentera, the exposed apps belong to multiple Fortune 500 companies, including Cloudflare, F5, and Palo Alto Networks, which received the researchers' findings and have fixed the issues.
Many of those instances exposed cloud credential sets, did not follow ‘least-privilege’ recommended practices, and in more than half of the cases, still used default credentials, allowing for easy takeover.
The credentials Pentera discovered in the investigation could give attackers full access to S3 buckets, GCS, and Azure Blob Storage, read and write permission to Secrets Manager, the ability to interact with container registries, and admin access to the cloud environment.
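As an added illustration of the over-privilege pattern described above (not Pentera's tooling, and not taken from the report), the following audit function flags IAM policy statements that grant wildcard actions or wildcard resources, rating them high when they touch the services the report names (S3, Secrets Manager, container registries, IAM). The two policy documents are constructed samples: a "quick lab deployment" role beside a least-privilege one.

```python
import json

# Services the report singles out; a broad grant on any of these is high severity.
SENSITIVE_PREFIXES = ("s3:", "secretsmanager:", "ecr:", "iam:")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return one finding per risky Allow statement in an IAM policy document."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        reasons = []
        if any(a == "*" or a.endswith(":*") for a in actions):
            reasons.append("wildcard action")
        if any(r == "*" for r in resources):
            reasons.append("wildcard resource")
        if not reasons:
            continue  # specific actions on specific ARNs: nothing to flag
        sensitive = any(a == "*" or a.startswith(SENSITIVE_PREFIXES) for a in actions)
        findings.append({
            "statement": idx,
            "severity": "high" if sensitive else "medium",
            "reasons": reasons,
        })
    return findings


# Constructed sample: the kind of role a lab app ends up with when deployed in a hurry.
OVERPRIVILEGED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue",
                                   "secretsmanager:PutSecretValue"], "Resource": "*"},
]})

# Constructed sample: the same app limited to reading one bucket path (hypothetical ARN).
LEAST_PRIVILEGE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::lab-static-assets/*"},
]})

if __name__ == "__main__":
    for name, doc in (("overprivileged", OVERPRIVILEGED), ("least-privilege", LEAST_PRIVILEGE)):
        print(name, json.dumps(audit_policy(doc), indent=2))
```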
In a report shared with BleepingComputer, Pentera Labs confirmed that the risk was not theoretical and that hackers have already exploited these entry points.
"During the investigation, we discovered clear evidence that attackers are actively exploiting these exact attack vectors in the wild – deploying crypto miners, webshells, and persistence mechanisms on compromised systems," the researchers said.
Proof of compromise emerged while the researchers were assessing several misconfigured, vulnerable applications. The researchers established shells on the machines and enumerated data in an effort to determine their owners.
Source: BleepingComputer