BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core.
“Drupal Core
The Hacker News – Read More
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild.
The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions.
“Any cPanel user (including an attacker or a compromised account) may
The Hacker News – Read More
Best Buy is selling this 2TB Corsair SSD for over 60% off right now – and I vouch for it
Expand your Mac and iOS storage space for large program downloads, photos, and more with the 2TB Corsair EX400U SSD.
Latest news – Read More
I’ve tested portable speakers from Bose, Sony, JBL, more – these deals are actually worth it
I found the best Bluetooth speaker deals for your holiday weekend festivities.
Latest news – Read More
Thinking about plug-in solar? It may be coming to your state soon
Here’s what you should know if you have plug-in solar on your mind, especially if you’re in the US.
Latest news – Read More
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions.
SecurityWeek – Read More
TrendAI Patches Apex One Zero-Day Exploited in the Wild
CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One.
SecurityWeek – Read More
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.
In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU.
“Kimwolf
The Hacker News – Read More
China’s Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
darkreading – Read More
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities in question are listed below –
CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could
The Hacker News – Read More