BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded.
This year’s findings reveal three core trends: AI has
The Hacker News – Read More
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
SecurityWeek – Read More
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost.
SecurityWeek – Read More
Exploitation of Fresh Citrix NetScaler Vulnerability Begins
The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs.
SecurityWeek – Read More
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders.
The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling
The Hacker News – Read More
3 red flags that job posting is a scam – and how to verify safely
In a tough job market, having a recruiter offer you a job might seem like a dream – but make sure it’s not a scam.
Latest news – Read More
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.”
The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL
The Hacker News – Read More
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue.
SecurityWeek – Read More
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers
The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.
SecurityWeek – Read More
If Microsoft really wants to fix Windows 11, it should do these four things ASAP
Opinion: Microsoft says it’s listening to feedback and getting back to fundamentals with Windows 11. I have a few suggestions for how the company can prove it’s serious.
Latest news – Read More