BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
- Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
- Moukthar - Android Remote Administration Tool
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
Save 70% on a Course Showing You How to Invest in Crypto
/in General NewsIn this online training course, learn about NFTs, blockchain, decentralized apps, and more.
Security | TechRepublic – Read More
Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation
/in General NewsA group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
The post Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation appeared first on SecurityWeek.
SecurityWeek – Read More
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
/in General NewsElastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to
The Hacker News – Read More
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US
/in General NewsMatthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.
The post Nigerian Accused of Hacking Tax Preparation Firms Extradited to US appeared first on SecurityWeek.
SecurityWeek – Read More
Outsmarting Cyber Threats with Attack Graphs
/in General NewsCyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment.
This is where attack graphs come in. By mapping potential attack paths
The Hacker News – Read More
UK quietly scrubs encryption advice from government websites
/in General NewsThe UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
/in General NewsOver 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors.
“Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed,” c/side researcher Himanshu Anand said in a Wednesday analysis.
The malicious JavaScript code has been found to be served via cdn.csyndication[
The Hacker News – Read More
AIceberg Gets $10 Million in Seed Funding for AI Security Platform
/in General NewsAIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI.
The post AIceberg Gets $10 Million in Seed Funding for AI Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
/in General NewsScans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
The post Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
/in General NewsThe U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally.
The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun
The Hacker News – Read More