Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants’ environments.
darkreading
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach.
Hackread – Cybersecurity News, Data Breaches, AI and More
Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks
Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week.
SecurityWeek
Microsoft and ServiceNow’s exploitable agents reveal a growing – and preventable – AI security crisis
Once deployed on corporate networks, AI agents can become every threat actor’s fantasy. Lesson one for cybersecurity pros: limit privileges.
Latest news
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.
The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since
The Hacker News
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.
The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote
The Hacker News
Chrome Add-On Caught Stealing Amazon Commissions
A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent.
Security Archives – TechRepublic
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.
The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting published on the Open VSX Registry.
The Hacker News
Samsung is slashing this 65-inch QLED TV and soundbar bundle by 50% for a limited time
Samsung will sell you a 65-inch QN1EF Neo QLED TV and HW-S700D soundbar for under $1,200 now, just in time for the Super Bowl and the Winter Olympics.
Latest news
Onboarding new AI hires calls for context engineering – here’s your 3-step action plan
Your company culture is the intangible knowledge new employees will absorb over time. But AI agents need all of it, all at once. Here’s how to engineer the context.
Latest news