BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Microsoft’s January 2024 Windows Update Patches 48 New Vulnerabilities
/in General NewsMicrosoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024.
Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days.
The
The Hacker News – Read More
SEC Chair Says Account on X Was Hacked
/in General NewsThe SEC said that a post on X, announcing that the securities regulator had approved the trading of exchange-traded funds holding bitcoin was fake, and that the agency’s account had been “compromised.”
The post SEC Chair Says Account on X Was Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News
/in General NewsThe US financial regulator says its official @SECGov account was “compromised,” resulting in an “unauthorized” post about the status of Bitcoin ETFs.
Security Latest – Read More
Path Traversal Bug Besets Popular Kyocera Office Printers
/in General NewsA printer bug could lead to much worse, in IT networks without proper segmentation.
darkreading – Read More
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security
/in General NewsA second, easy-to-exploit critical security vulnerability in Microsoft’s first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.
darkreading – Read More
Ukraine Claims Revenge Hack Against Moscow Internet Provider
/in General NewsReports say M9 Telecom servers were destroyed in retaliation for Russia-backed cyberattack against Kyivstar mobile phone operator.
darkreading – Read More
Hospitality Hackers Target Hotels’ Booking.com Logins
/in General NewsCyberattackers are checking into the accounts of Booking.com’s hotel partners, hoping to steal their visitor data.
darkreading – Read More
Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data
/in General NewsBy Waqas
While Hathway hasn’t commented yet, analysis of the leaked data by Hackread.com suggests the breach may be authentic and could have serious consequences for affected individuals.
This is a post from HackRead.com Read the original post: Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V
/in General NewsPatch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V.
The post Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V appeared first on SecurityWeek.
SecurityWeek – Read More
Delinea Acquires Authomize to Tackle Identity-Based Threats
/in General NewsDelinea acquires Israeli startup Authomize to add identity threat detection and response (IDTR) technologies to its product portfolio.
The post Delinea Acquires Authomize to Tackle Identity-Based Threats appeared first on SecurityWeek.
SecurityWeek – Read More