BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
[wp-rss-aggregator feeds="kitploit" limit="10" pagination="off"]
Exploit DB
[wp-rss-aggregator feeds="exploit-db" limit="10" pagination="off"]
Latest news and insights on Security
Invoicely Database Leak Exposes 180,000 Sensitive Records
/in General NewsCybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
/in General NewsThink your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now.
Get the complete Holiday Season Security Playbook here.
Bottom Line Up Front
The 2024 holiday season saw major
The Hacker News – Read More
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
/in General NewsMalware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors.
The activity, described as akin to an “exploit shotgun” approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and
The Hacker News – Read More
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
/in General NewsMicrosoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving “credible reports” in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users’ devices.
“Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer’s JavaScript
The Hacker News – Read More
Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data
/in General NewsIt’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild.
The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek.
SecurityWeek – Read More
Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation
/in General NewsThe authorities arrested GoogleXcoder, the alleged administrator of GXC Team, which offered phishing kits and Android malware.
The post Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation appeared first on SecurityWeek.
SecurityWeek – Read More
Extortion Group Leaks Millions of Records From Salesforce Hacks
/in General NewsThe data allegedly pertains to Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines.
The post Extortion Group Leaks Millions of Records From Salesforce Hacks appeared first on SecurityWeek.
SecurityWeek – Read More
I found a Windows PC with a tandem OLED, and can’t go back to graphic design on anything else
/in General NewsWith a drop-dead gorgeous tandem OLED and powerful hardware, the Yoga Pro 9i Aura Edition is a high-performance device, but it’s hungry for power.
Latest news – Read More
German state replaces Microsoft Exchange and Outlook with open-source email
/in General NewsDigital sovereignty isn’t a phrase you often hear in the US, but it’s a big deal in Europe. Here’s why.
Latest news – Read More
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
/in General NewsCybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns.
“Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware
The Hacker News – Read More