BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
[wp-rss-aggregator feeds="kitploit" limit="10" pagination="off"]
Exploit DB
[wp-rss-aggregator feeds="exploit-db" limit="10" pagination="off"]
Latest news and insights on Security
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
/in General NewsBad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber.
In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours.
CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could
The Hacker News – Read More
Cybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI Models
/in General NewsA group of cybersecurity executives and experts is asking the Trump administration to lift its directive preventing the use of Anthropic’s latest artificial intelligence models by foreign nationals.
The post Cybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI Models appeared first on SecurityWeek.
SecurityWeek – Read More
Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
/in General NewsArch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR.
The post Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages appeared first on SecurityWeek.
SecurityWeek – Read More
Best of Android Fax Apps: Top 5 Secure Picks for 2026
/in General NewsDiscover the best of Android fax apps to send and receive secure documents on the go. Compare Municorn Fax App, Fax.Plus, and other top Android tools.
Hackread – Cybersecurity News, Data Breaches, AI and More – Read More
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
/in General NewsThe North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.
“The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible
The Hacker News – Read More
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.
The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege
The Hacker News – Read More
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
/in General NewsCisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0.
“A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or
The Hacker News – Read More
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
/in General NewsCisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.
The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Nintendo Alleged Data Breach: Threat Actor Demands $2M Ransom
/in General NewsNintendo faces an alleged data extortion incident involving HR records, internal reports, and potential exposure of third-party vendors.
The post Nintendo Alleged Data Breach: Threat Actor Demands $2M Ransom appeared first on TechRepublic.
Security Archives – TechRepublic – Read More
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
/in General NewsA China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email.
The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims’ own Google Workspace rules to copy any message
The Hacker News – Read More