BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
8 simple ways Mac users can better protect their privacy
/in General NewsJust because you’re running Apple’s rock-solid operating system doesn’t mean your privacy is automatically protected. These simple steps will keep you safer.
Latest stories for ZDNET in Security – Read More
Dialysis company DaVita reviewing data leaked by ransomware gang
/in General NewsThe Interlock ransomware gang posted samples from a trove of data it is claiming to have stolen from the company.
The Record from Recorded Future News – Read More
NFC-Powered Android Malware Enables Instant Cash-Outs
/in General NewsResearchers at security vendor Cleafy detailed a malware known as “SuperCard X” that uses the NFC reader on a victim’s own phone to steal credit card funds instantly.
darkreading – Read More
Backdoor Found in Official XRP Ledger NPM Package
/in General NewsXRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
North Korean IT workers seen using AI tools to scam firms into hiring them
/in General NewsNorth Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process.
The Record from Recorded Future News – Read More
RSA Conference 2025 – Pre-Event Announcements Summary (Part 1)
/in General NewsHundreds of companies are showcasing their products and services at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 1) appeared first on SecurityWeek.
SecurityWeek – Read More
FBI: Cybercrime Losses Rocket to $16.6B in 2024
/in General NewsThe losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.
darkreading – Read More
Blue Shield Leaked Millions of Patient Info to Google for Years
/in General NewsBlue Shield of California exposed the health data of 4.7 million members to Google for years due to…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Jericho Security Gets $15 Million for AI-Powered Awareness Training
/in General NewsJericho Security has raised $15 million in Series A funding for its AI-powered employee cybersecurity training platform.
The post Jericho Security Gets $15 Million for AI-Powered Awareness Training appeared first on SecurityWeek.
SecurityWeek – Read More
Gmail’s New Encrypted Messages Feature Opens a Door for Scams
/in General NewsGoogle is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.
Security Latest – Read More