Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.
The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities –
CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP
The Hacker News – Read More
4chan is back online, says it’s been ‘starved of money’
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was […]
Security News | TechCrunch – Read More
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
“The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors,” the Microsoft Threat Intelligence team said in an analysis.
The tech giant noted that
The Hacker News – Read More
Government officials are kind of bad at the internet
Perhaps no one in the world has made such catastrophic tech flubs this year as U.S. Secretary of Defense Pete Hegseth. The saga started when the editor-in-chief of The Atlantic, Jeffrey Goldberg, reported that he had been mistakenly added to an unauthorized Signal group chat by U.S. National Security Advisor Michael Waltz, where numerous high-ranking […]
Security News | TechCrunch – Read More
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cynomi Raises $37 Million Series B to Expand Its vCISO Platform
Cynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
SecurityWeek – Read More
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
“LAGTOY can be
The Hacker News – Read More
Pete Hegseth’s Signal Scandal Spirals Out of Control
Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.
Security Latest – Read More
If we want a passwordless future, let’s get our passkey story straight
Passwords and passkeys each involve a secret. The critical difference: How that secret gets handled.
Latest stories for ZDNET in Security – Read More