BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [webapps] ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
- [webapps] ABB Cylon Aspect 3.08.01 - Remote Code Execution
- [webapps] Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
- [webapps] XWiki Standard 14.10 - Remote Code Execution (RCE)
- [local] Solstice Pod 6.2 - API Session Key Extraction via API Endpoint
- [webapps] Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
- [webapps] Litespeed Cache 6.5.0.1 - Authentication Bypass
- [webapps] CodeCanyon RISE CRM 3.7.0 - SQL Injection
- [webapps] Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
- [webapps] Sonatype Nexus Repository 3.53.0-01 - Path Traversal
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
/in General NewsChrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities.
The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
/in General NewsThe financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems.
“This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine,” Swiss
The Hacker News – Read More
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
/in General NewsCybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems.
“Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls),” Zscaler ThreatLabz researcher Muhammed Irfan V A said in
The Hacker News – Read More
Malaysian Airport’s Cyber Disruption a Warning for Asia
/in General NewsTransportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable to agile cyberattackers, as demonstrated by the $10 million ransomware attack.
darkreading – Read More
Google Brings End-to-End Encryption to Gmail
/in General NewsThe new Google Workspace features will make it easier for enterprise customers to implement end-to-end encryption within Gmail.
darkreading – Read More
Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities
/in General NewsUsing the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders.
The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks
/in General NewsOver the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.
darkreading – Read More
Best Data Anonymization Tools in 2025
/in General NewsTop Data Anonymization Tools of 2025 to protect sensitive information, ensure compliance, and maintain performance across industries.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Lawmakers warn of impact HHS firings will have on medical device cybersecurity efforts
/in General NewsAs thousands were laid off from the Department of Health and Human Services on Tuesday morning, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings.
The Record from Recorded Future News – Read More
As CISA Downsizes, Where Can Enterprises Get Support?
/in General NewsIn this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services.
darkreading – Read More