Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.
darkreading
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The Hacker News
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
SecurityWeek
Using Third-Party ID Providers Without Losing Zero Trust
With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating.
darkreading
Lab provider for Planned Parenthood discloses breach affecting 1.6 million people
The breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.
The Record from Recorded Future News
Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches
Do passcodes really protect you more from warrantless phone searches than biometrics? It’s complicated.
Latest stories for ZDNET in Security
Hackers Breach Morocco’s Social Security Database
The hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms.
SecurityWeek
Organizations Lack Incident Response Plans, But Answers Are on the Way
Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.
darkreading
Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
SecurityWeek