BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
/in General NewsCybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
The Hacker News – Read More
Florida Man Enters the Encryption Wars
/in General NewsPlus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.
Security Latest – Read More
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
/in General NewsASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
“An improper authentication control vulnerability exists in certain ASUS router firmware series,”
The Hacker News – Read More
Identity as the new perimeter: National Oilwell Varco’s approach to stopping the 79% of attacks that are malware-free
/in General NewsNOV’s CIO led a cyber strategy fusing Zero Trust, AI, and airtight identity controls to cut threats by 35x and eliminating reimaging.Read More
Security News | VentureBeat – Read More
Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved
/in General NewsPost Content
darkreading – Read More
Could Ransomware Survive Without Cryptocurrency?
/in General NewsThreat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene.
darkreading – Read More
AWWA Supports Introduction of Collaborative Cybersecurity Legislation
/in General NewsPost Content
darkreading – Read More
2025’s Top OSINT Tools: A Fresh Take on Open-Source Intel
/in General NewsCheck out the top OSINT tools of 2025, an updated list featuring the best free and paid open-source…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Chinese APT Mustang Panda Debuts 4 New Attack Tools
/in General NewsThe notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
darkreading – Read More
Attackers and Defenders Lean on AI in Identity Fraud Battle
/in General NewsIdentity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
darkreading – Read More