BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
G7 Countries Release AI SBOM Guidance
/in General NewsThe goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains.
The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
SecurityWeek – Read More
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
/in General NewsThreat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.
The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the
The Hacker News – Read More
How AI Hallucinations Are Creating Real Security Risks
/in General NewsAI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs
The Hacker News – Read More
Foxconn Attack Highlights Manufacturing’s Cyber Crisis
/in General NewsA Nitrogen ransomware attack on Foxconn’s North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.
darkreading – Read More
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
/in General NewsThe first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed.
The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
/in General NewsAn anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).
The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse
The Hacker News – Read More
Your iPhone Gets Stolen. Then the Hacking Begins
/in General NewsA bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.
Security Latest – Read More
High-Severity Vulnerability Patched in VMware Fusion
/in General NewsThe patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week.
The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.
SecurityWeek – Read More
10 Google Maps settings I immediately change on every new phone – and why
/in General NewsGoogle Maps is great right after install, but I like to tighten my privacy and enable a few features to make it better.
Latest news – Read More
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
/in General NewsCybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
The Hacker News – Read More