vPenTest release notes: November 6, 2025
Our latest release includes a new feature, enhancements, fixes, and security improvements.
New feature
Dark Web ID integration
This integration allows vPenTest to automatically leverage compromised credentials from Dark Web ID as part of both internal and external network penetration tests. Using compromised credentials from Dark Web ID, vPenTest can enumerate the environment for sensitive data and perform additional attacks, demonstrating the impact of stolen credentials. In the report, vPenTest will indicate if credentials found on the dark web were used as part of the penetration test to accomplish its objectives.
Benefits
- Confirm if Dark Web ID credentials are still valid.
- Gain clarity on the risks of weak passwords, validate controls like 2FA, and strengthen defenses against potential breaches.
- By revealing how stolen credentials can be used by malicious actors to gain unauthorized access, vPenTest delivers deeper insights, stronger security outcomes, and greater value in every assessment.
How it works
- Enable the integration on the Global Settings > API Integrations tab.
  - Step 1: Provide your Dark Web ID credentials.
  - Step 2: Map organizations to complete the integration.
- Schedule an internal or external network penetration test for a mapped organization.
- vPenTest will exploit credentials from Dark Web ID during testing.
- Results will automatically be included in the executive summary and technical reports.
Check out our support article to learn more and view a sample technical report.
Enhancements
Improved Validation: Prevent scheduling assessments on Localhost
Enhanced the assessment scheduler to block DNS names that resolve to 127.0.0.1 (localhost).
Now, if you try to add a DNS entry like localtest.me that points to localhost, you’ll get a clear error message and the entry will not be accepted.
This prevents accidental self-assessment and ensures all scheduled targets are valid and reachable.
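A sketch of this kind of target check, added here as an illustration and not vPenTest's own code: it rejects a name if any resolved address is loopback, and goes beyond the 127.0.0.1 case above to cover all of 127.0.0.0/8, ::1 and IPv4-mapped IPv6. The function names, the `TargetRejected` exception and every record except localtest.me are assumptions made for the example.

```python
import ipaddress
import socket

# Constructed records standing in for DNS answers so the example runs offline.
# localtest.me -> 127.0.0.1 is the case from the release note; the rest are made up.
CONSTRUCTED_RECORDS = {
    "localtest.me": ["127.0.0.1"],
    "portal.example": ["203.0.113.10"],
    "split.example": ["203.0.113.10", "::1"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def stub_resolver(name):
    if name not in CONSTRUCTED_RECORDS:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return CONSTRUCTED_RECORDS[name]

def system_resolver(name):
    # Every A/AAAA address the local resolver returns for the name.
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_loopback(addr):
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    # Unwrap ::ffff:a.b.c.d so the IPv4 loopback rule applies to it too.
    mapped = getattr(ip, "ipv4_mapped", None)
    ip = mapped if mapped is not None else ip
    return ip.is_loopback

class TargetRejected(ValueError):
    """The target must not be scheduled."""

def validate_target(name, resolver=system_resolver):
    """Return the resolved addresses, or raise TargetRejected."""
    try:
        addrs = list(resolver(name))
    except OSError as exc:
        raise TargetRejected(f"{name}: does not resolve ({exc})") from exc
    # Reject if ANY answer is loopback: a name with mixed records can still
    # point the assessment back at the scanner itself.
    bad = [a for a in addrs if is_loopback(a)]
    if bad:
        raise TargetRejected(f"{name}: resolves to localhost ({', '.join(bad)})")
    if not addrs:
        raise TargetRejected(f"{name}: no addresses returned")
    return addrs
```

Calling `validate_target(name)` without a resolver argument uses the system resolver; the stub is only there so the check can be exercised without network access.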
Fixes
| Category | Description |
|---|---|
| VulScan Integration | Vulnerability results now import correctly: Resolved an issue where findings from VulScan were not being imported into vPenTest assessments, even when IPs matched and integration was enabled. The root cause was backend data parsing, which has now been fixed. So, vulnerability results from VulScan will reliably appear in your integrated assessments as expected. |
| Scheduled Assessment | Scheduled assessment deletion now works as expected on dashboard for internal IT teams (MMEs): Fixed an issue where deleting a single scheduled assessment from the dashboard would remove all scheduled assessments instead of just the selected one. Now, if you have a recurring scheduled assessment, when you delete an assessment, only the chosen entry is removed, making scheduling management safer and more predictable. |
| Email Names | Email names now display special characters correctly: Fixed an issue where names with special characters (like Icelandic letters) were not displaying correctly in email notifications. Names such as Guðjón will now appear as intended, ensuring accurate and professional communication with all customers. |