BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
/in General NewsBuilding a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms that run detection, triage, investigation, and response on their own data foundation.
Whether a platform will materially change outcomes for
The Hacker News – Read More
Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
/in General NewsOrganizations are urged to patch after proof-of-concept code makes the Linux root escalation flaw easier to exploit.
The post Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
AI Can Forge Documents in Minutes – “Looks Right” Is No Longer Enough
/in General NewsGenerative AI is making document fraud faster and harder to spot, pushing security teams to verify provenance, signatures and file integrity at intake securely.
Hackread – Cybersecurity News, Data Breaches, AI and More – Read More
Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments
/in General NewsResearchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web.
The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek.
SecurityWeek – Read More
New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS
/in General NewsCybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that’s capable of targeting Windows, Linux, and macOS environments.
According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere between $150 for one month to $1,200 for lifetime access. Other subscription tiers include $300 for
The Hacker News – Read More
ICE’s Internal Watchdog Is Now Investigating Online Critics
/in General NewsThe Office of Professional Responsibility has opened more than 100 cases over what ICE officials call “incidents of doxing and threats” against ICE employees.
Security Latest – Read More
New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
/in General NewsResearchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a faint radio signal a nearby receiver can decode.
But TrojPix works only once malware is already on the target machine, so it
The Hacker News – Read More
Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
/in General NewsResearchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits.
In a proof of concept, they reconstructed a signed-in user’s full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence that
The Hacker News – Read More
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
/in General NewsScanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology.
Their strongest trick slipped past every scanner tested more than 90% of the time, and the same team built a runtime checker that catches most of the
The Hacker News – Read More
Alibaba reportedly bans employees from using Claude Code
/in General NewsAlibaba has reportedly classified Claude Code as high-risk software.
Security News | TechCrunch – Read More