BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents.
1. Stealing AWS Credentials with a Redirect
Server-Side Request Forgery (SSRF) is a
The Hacker News – Read More
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show
Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.
Security Latest – Read More
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the
The Hacker News – Read More
RSA Conference 2025 – Pre-Event Announcements Summary (Part 3)
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
SecurityWeek – Read More
African Telecom Giant MTN Group Discloses Data Breach
MTN Group says the personal information of certain customers was compromised in a cybersecurity incident.
SecurityWeek – Read More
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead.
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running
The Hacker News – Read More
Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack
Oregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.
SecurityWeek – Read More
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.
The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities –
CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP
The Hacker News – Read More
4chan is back online, says it’s been ‘starved of money’
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was […]
Security News | TechCrunch – Read More