BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
/in General NewsCybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.
The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below –
CVE-2025-27610 (CVSS score: 7.5) – A path traversal
The Hacker News – Read More
All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack
/in General NewsA new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.
The post All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack appeared first on SecurityWeek.
SecurityWeek – Read More
SAP Zero-Day Possibly Exploited by Initial Access Broker
/in General NewsA zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.
The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.
SecurityWeek – Read More
Why the road from passwords to passkeys is long, bumpy, and worth it – probably
/in General NewsThe passkey standard has reached a precarious moment. Let’s not blow it, OK?
Latest stories for ZDNET in Security – Read More
Nearly 500,000 impacted by 2023 cyberattack on Long Beach, California
/in General NewsMore than a year after a cyberattack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked.
The Record from Recorded Future News – Read More
[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you
/in General NewsPost Content
darkreading – Read More
Is that really your boss calling? Jericho Security raises $15M to stop deepfake fraud that’s cost businesses $200M in 2025 alone
/in General NewsPentagon-backed Jericho Security raises $15 million to combat deepfake fraud that has already cost North American businesses $200 million in 2025, using AI to detect increasingly convincing voice and video impersonations.Read More
Security News | VentureBeat – Read More
Max-Severity Commvault Bug Alarms Researchers
/in General NewsThough already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.
darkreading – Read More
Protecting Your Phone—and Your Privacy—at the US Border
/in General NewsIn this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe.
Security Latest – Read More
‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA
/in General NewsThe creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it’s anything but.
darkreading – Read More