A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 12:07:052025-02-20 12:07:05Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 12:07:042025-02-20 12:07:04PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 12:07:032025-02-20 12:07:03FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide
Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 11:07:072025-02-20 11:07:07How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 11:07:062025-02-20 11:07:06‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
Combining home security with hub capability, the Aqara Camera Hub G5 Pro also delivers AI-powered visual recognition features – all without a subscription.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 08:07:142025-02-20 08:07:14Aqara’s first outdoor camera is this smart home enthusiast’s dream device – here’s why
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
DOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00adminhttps://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.pngadmin2025-02-20 02:07:122025-02-20 02:07:12DOGE Now Has Access to the Top US Cybersecurity Agency
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
/in General NewsA previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw
The Hacker News – Read More
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
/in General NewsProof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide
/in General NewsFBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Microsoft Patches Exploited Power Pages Vulnerability
/in General NewsMicrosoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her
/in General NewsBreeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.
Security Latest – Read More
‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
/in General NewsWith Version 3, would-be phishers can cut and paste a big brand’s URL into a template and let automation do the rest.
darkreading – Read More
Aqara’s first outdoor camera is this smart home enthusiast’s dream device – here’s why
/in General NewsCombining home security with hub capability, the Aqara Camera Hub G5 Pro also delivers AI-powered visual recognition features – all without a subscription.
Latest stories for ZDNET in Security – Read More
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
/in General NewsCitrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
The Hacker News – Read More
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
/in General NewsMicrosoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
”
The Hacker News – Read More
DOGE Now Has Access to the Top US Cybersecurity Agency
/in General NewsDOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.
Security Latest – Read More