BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
/in General NewsAttackers wasted little time targeting the latest memory disclosure flaw in Citrix’s NetScaler products, after researchers published a proof-of-concept exploit (PoC).
darkreading – Read More
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
/in General NewsAn Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations.
The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research
The Hacker News – Read More
Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks
/in General NewsSecuronix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer.
The post Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Major medical device manufacturer notifies nearly 4 million of breach
/in General NewsInformation like Social Security numbers and health-related data was accessed, but the company said it had “no evidence that impacted information has been publicly posted or exposed on the internet.”
The Record from Recorded Future News – Read More
I compared Apple AirTags to competing Bluetooth trackers – including this $2 one
/in General NewsHow does a budget tracker tag perform against the best of the best? Turns out all Bluetooth range is not created equal.
Latest news – Read More
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
/in General NewsA use-after-free bug in Linux’s KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it.
Dubbed ‘Januscape’ and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The public proof-of-concept panics the host; the researcher claims that a separate, unreleased exploit
The Hacker News – Read More
JadePuffer: The First Complete LLM-Driven Ransomware Attack
/in General NewsAn “agentic threat actor” successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
darkreading – Read More
I tested the new Claude Desktop on Linux – here’s how it compares to rival apps
/in General NewsClaude Code finally has an official Linux desktop app. It’s a great option, but trying to use local AI is where things get tricky.
Latest news – Read More
Azure CLI Password Spray Attack Exposes Microsoft 365 MFA Gap
/in General NewsA password spray campaign targeting Azure CLI sign-ins exposed how narrow Conditional Access policies can leave Microsoft 365 accounts vulnerable even when MFA is enabled.
The post Azure CLI Password Spray Attack Exposes Microsoft 365 MFA Gap appeared first on TechRepublic.
Security Archives – TechRepublic – Read More
Japanese teen arrested over cyberattack that disrupted anime streaming service
/in General NewsThe unnamed student, who lives in a city near Tokyo, allegedly exploited a flaw in a subscription-based anime streaming platform to fraudulently cancel more than 46,000 user subscriptions.
The Record from Recorded Future News – Read More