BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
M&S Cyberattack Disrupts Contactless Payments and Click & Collect Services
/in General NewsMarks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Kelly Benefits Data Breach Impacts 260,000 People
/in General NewsBenefits and payroll solutions provider Kelly Benefits has disclosed a data breach impacting more than 260,000 individuals.
The post Kelly Benefits Data Breach Impacts 260,000 People appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattack Hits British Retailer Marks & Spencer
/in General NewsBritish retailer Marks & Spencer has been experiencing certain service disruptions after falling victim to a cyberattack.
The post Cyberattack Hits British Retailer Marks & Spencer appeared first on SecurityWeek.
SecurityWeek – Read More
Data Breach at Onsite Mammography Impacts 350,000
/in General NewsMassachusetts medical firm Onsite Mammography discloses data breach impacting the personal information of 350,000 patients.
The post Data Breach at Onsite Mammography Impacts 350,000 appeared first on SecurityWeek.
SecurityWeek – Read More
Best antivirus for Mac in 2025: I tested your top software options
/in General NewsProtect yourself and your Mac with the top antivirus software for Mac in the market, tested and recommended by our experts.
Latest stories for ZDNET in Security – Read More
Terra Security Raises $8M for Agentic AI Penetration Testing Platform
/in General NewsCybersecurity startup Terra Security has raised $8 million in seed funding from SYN Ventures, FXP Ventures, and Underscore VC.
The post Terra Security Raises $8M for Agentic AI Penetration Testing Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
/in General NewsThe Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users’ private keys.
The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
The Hacker News – Read More
Korean Telco Giant SK Telecom Hacked
/in General NewsSK Telecom, South Korea’s largest telecom company, disclosed a data leak involving a malware infection.
The post Korean Telco Giant SK Telecom Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
The Tech That Safeguards the Conclave’s Secrecy
/in General NewsFollowing the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.
Security Latest – Read More
Tech resilience, breakout startups, and banking reinvented: The big conversations at StrictlyVC London in May
/in General NewsStrictlyVC is heading to London on May 13, uniting top investors and entrepreneurs to spark meaningful connections and drive forward innovation. We’re thrilled to welcome industry leaders like Nazo Moosa, general partner at Paladin Capital Group; Sonali De Rycker, partner at Accel; and TS Anil, CEO of Monzo Bank, to the stage. Paladin is proud […]
Security News | TechCrunch – Read More