BackBox News

Latest news and insights on Security

G7 Countries Release AI SBOM Guidance

The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains. 

The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.

SecurityWeek – ​Read More

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.
The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the

The Hacker News – ​Read More

How AI Hallucinations Are Creating Real Security Risks

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs

The Hacker News – ​Read More

Foxconn Attack Highlights Manufacturing’s Cyber Crisis

Foxconn Attack Highlights Manufacturing’s Cyber Crisis

A Nitrogen ransomware attack on Foxconn’s North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.

darkreading – ​Read More

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed.

The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.

SecurityWeek – ​Read More

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).
The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

The Hacker News – ​Read More

Your iPhone Gets Stolen. Then the Hacking Begins

Your iPhone Gets Stolen. Then the Hacking Begins

A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.

Security Latest – ​Read More

High-Severity Vulnerability Patched in VMware Fusion

The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week.

The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.

SecurityWeek – ​Read More

10 Google Maps settings I immediately change on every new phone – and why

Google Maps is great right after install, but I like to tighten my privacy and enable a few features to make it better.

Latest news – ​Read More

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a

The Hacker News – ​Read More

BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.