BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
- [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI) (AngularJS)
- [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
- [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] Gitea 1.24.0 - HTML Injection
- [local] VeeVPN 1.6.1 - Unquoted Service Path
- [webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
/in General NewsUsers who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts.
The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month.
Targets of the campaign include individuals and
The Hacker News – Read More
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage
/in General NewsGoogle warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.
Security Latest – Read More
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below –
CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
The Hacker News – Read More
North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea
/in General NewsThe campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
darkreading – Read More
Xerox Printer Vulnerabilities Enable Credential Capture
/in General NewsAttackers are using patched bugs to potentially gain unfettered access to an organization’s Windows environment under certain conditions.
darkreading – Read More
$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit
/in General NewsA new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
SANS Institute Launches AI Cybersecurity Hackathon
/in General NewsPost Content
darkreading – Read More
China-Linked Threat Group Targets Japanese Orgs’ Servers
/in General NewsWinnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.
darkreading – Read More
Thrive Acquires Secured Network Services
/in General NewsPost Content
darkreading – Read More
Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says
/in General NewsIn a report released on Monday, threat intelligence specialists at Microsoft said that they have discovered the new XCSSET strain in limited attacks. XCSSET, first spotted in the wild in August 2020, spreads by infecting Xcode projects, which developers use to create apps for Apple devices.
The Record from Recorded Future News – Read More