


Perceptive Security
SOC/SIEM Consultancy

Hackers exploit security testing apps to breach Fortune 500 firms
Published:
21 January 2026 at 14:00:00
Alert date:
21 January 2026 at 15:02:40
Source:
bleepingcomputer.com
Cloud & Virtualization, Web Technologies, Security Tools
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing to gain unauthorized access to cloud environments. The targeted applications include DVWA, OWASP Juice Shop, Hackazon, and bWAPP. Attackers are leveraging these vulnerable training platforms to breach Fortune 500 companies and security vendors. This is a significant security risk: tools meant to improve security posture are being weaponized against the organizations that run them.
Technical details
Mitigation steps:
Affected products:
DVWA
OWASP Juice Shop
Hackazon
bWAPP
Related links:
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
