BackBox News

Latest news and insights on Security

UK plans for cybercrime law reform would protect almost no one, experts warn

UK plans for cybercrime law reform would protect almost no one, experts warn

The proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability.

The Record from Recorded Future News – ​Read More

I tested Motorola’s $1,500 Razr Ultra, and it’s so close to being my dream flip phone

The 2026 Razr Ultra delivers major hardware upgrades while maintaining the same stylish design it’s known for. Too bad it’s overpriced.

Latest news – ​Read More

The Flipper One is a full-on Linux cyberdeck that solves my biggest Raspberry Pi problem

If you love your Flipper Zero, you’re really going to flip over the new Flipper One.

Latest news – ​Read More

Content Delivery Exploit Opens Websites to Brand Hijacking

Content Delivery Exploit Opens Websites to Brand Hijacking

The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.

darkreading – ​Read More

When Identity is the Attack Path

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company’s cloud

The Hacker News – ​Read More

Socket Raises $60 Million at $1 Billion Valuation

The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion.

The post Socket Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek.

SecurityWeek – ​Read More

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution.

The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.

SecurityWeek – ​Read More

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Security Latest – ​Read More

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.

The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek.

SecurityWeek – ​Read More

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.

The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major

The Hacker News – ​Read More

BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.