BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
/in General NewsThe Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users’ private keys.
The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
The Hacker News – Read More
Korean Telco Giant SK Telecom Hacked
/in General NewsSK Telecom, South Korea’s largest telecom company, disclosed a data leak involving a malware infection.
The post Korean Telco Giant SK Telecom Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
The Tech That Safeguards the Conclave’s Secrecy
/in General NewsFollowing the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.
Security Latest – Read More
Tech resilience, breakout startups, and banking reinvented: The big conversations at StrictlyVC London in May
/in General NewsStrictlyVC is heading to London on May 13, uniting top investors and entrepreneurs to spark meaningful connections and drive forward innovation. We’re thrilled to welcome industry leaders like Nazo Moosa, general partner at Paladin Capital Group; Sonali De Rycker, partner at Accel; and TS Anil, CEO of Monzo Bank, to the stage. Paladin is proud […]
Security News | TechCrunch – Read More
Zambia’s Updated Cyber Laws Prompt Surveillance Warnings
/in General NewsCritics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.
darkreading – Read More
Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled
/in General NewsThe cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn’t materialize and less widely touted attack scenarios shot up.
darkreading – Read More
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack
/in General NewsThousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February.
The Record from Recorded Future News – Read More
Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558
/in General NewsThe tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT’s breach of its Exchange Online environment in 2023.
darkreading – Read More
Fake Alpine Quest Mapping App Spotted Spying on Russian Military
/in General NewsFake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
3 More Healthcare Orgs Hit by Ransomware Attacks
/in General NewsDialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.
darkreading – Read More