BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
/in General NewsCISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659).
The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation
/in General NewsA new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.
Hackread – Cybersecurity News, Data Breaches, AI and More – Read More
Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
/in General NewsA PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week.
The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials
/in General NewsResearchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials.
The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek.
SecurityWeek – Read More
Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm
/in General NewsAnthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available.
The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek.
SecurityWeek – Read More
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
/in General NewsThe recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions.
“An operator tied to FortiBleed’s infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
The Hacker News – Read More
I tried Brave’s new stripped down Origin browser, and now it’s my top Chromium-based pick
/in General NewsIf you like the idea of Brave’s browser security, but all of the other features just get in your way, the developers have created a solution for you.
Latest news – Read More
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
/in General NewsSecurity firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent.
Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credentials, moving deeper into the network, then encrypting and wiping a company’s production database.
Ransomware has always
The Hacker News – Read More
Opera is releasing a new feature that detects and blocks malicious clipboard content
/in General NewsIf you tend to copy/paste content from websites, you might be surprised to find yourself under the thrall of a ClickFix attack, but Opera has a solution to fix it before you click it.
Latest news – Read More
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
/in General NewsAttackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs.
Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and
The Hacker News – Read More