Bleeping Computer

Hackers exploit security testing apps to breach Fortune 500 firms

Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud ...
Dark Reading

'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed

Security vendors have been leaving deliberately insecure training applications on the public Internet, and attackers have been taking advantage of them to breach their cloud environments. What's the ...