BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
[wp-rss-aggregator feeds="kitploit" limit="10" pagination="off"]
Exploit DB
[wp-rss-aggregator feeds="exploit-db" limit="10" pagination="off"]
Latest news and insights on Security
Paper Werewolf Threat Actor Targets Flash Drives With New Malware
/in General NewsThe threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.
darkreading – Read More
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
/in General NewsRussian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
/in General NewsThe most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.
darkreading – Read More
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
/in General NewsFortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The Hacker News – Read More
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
/in General NewsThe CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
SecurityWeek – Read More
Using Third-Party ID Providers Without Losing Zero Trust
/in General NewsWith $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating.
darkreading – Read More
Lab provider for Planned Parenthood discloses breach affecting 1.6 million people
/in General NewsThe breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.
The Record from Recorded Future News – Read More
Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches
/in General NewsDo passcodes really protect you more from warrantless phone searches than biometrics? It’s complicated.
Latest stories for ZDNET in Security – Read More
Hackers Breach Morocco’s Social Security Database
/in General NewsThe hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms.
The post Hackers Breach Morocco’s Social Security Database appeared first on SecurityWeek.
SecurityWeek – Read More
Organizations Lack Incident Response Plans, But Answers Are on the Way
/in General NewsDeveloping strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.
darkreading – Read More