https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-29 10:06:492025-01-29 10:06:49Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
“A malicious user with network access may be able to use specially crafted SQL queries to gain database
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-29 06:07:052025-01-29 06:07:05Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
“Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-29 06:07:052025-01-29 06:07:05Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
“This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-29 06:07:042025-01-29 06:07:04UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-29 01:07:042025-01-29 01:07:04MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-28 23:07:042025-01-28 23:07:04OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-28 23:07:032025-01-28 23:07:03Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-28 21:07:552025-01-28 21:07:55Super Bowl LIX Could Be a Magnet for Cyberattacks
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-01-28 21:07:542025-01-28 21:07:54VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform
/in General NewsFrenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding.
The post Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
/in General NewsBroadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
“A malicious user with network access may be able to use specially crafted SQL queries to gain database
The Hacker News – Read More
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
/in General NewsCybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
“Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert
The Hacker News – Read More
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
/in General NewsThe advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
“This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,
The Hacker News – Read More
MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack
/in General NewsMGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
The Record from Recorded Future News – Read More
OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
/in General NewsThe now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide.
darkreading – Read More
Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates
/in General NewsThe ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
darkreading – Read More
Phishing Campaign Baits Hook With Malicious Amazon PDFs
/in General NewsIn their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.
darkreading – Read More
Super Bowl LIX Could Be a Magnet for Cyberattacks
/in General NewsConcerns include everything from ransomware, malware, and phishing attacks on the game’s infrastructure to those targeting event sponsors and fans.
darkreading – Read More
VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
/in General NewsVMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.
The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.
SecurityWeek – Read More