BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Gmail’s New Encrypted Messages Feature Opens a Door for Scams
/in General NewsGoogle is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.
Security Latest – Read More
Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
/in General NewsThe latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
SecurityWeek – Read More
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware
/in General NewsAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
The Hacker News – Read More
Speak at TechCrunch Disrupt 2025: Applications now open
/in General NewsTechCrunch Disrupt returns October 27–29 to Moscone West in San Francisco — and we’re inviting thought leaders, founders, VCs, and tech experts to apply for a chance to take the stage at one of the most anticipated tech events of the year. Applications are now open to speak at Disrupt 2025, where over 10,000+ tech […]
Security News | TechCrunch – Read More
Ransomware now plays a role in nearly half of all breaches, new research finds
/in General NewsVerizon researchers found that 64% of ransomware victims did not pay the ransoms — which was up from 50% two years ago.
The Record from Recorded Future News – Read More
dRPC Launches NodeHaus to Streamline Blockchain and Web3 Infrastructure
/in General NewsBlockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Push Security Raises $30 Million in Series B Funding
/in General NewsPush Security has raised $30 million in Series B funding to scale its browser-based identity security platform.
The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattack hits drinking water supplier in Spanish town near Barcelona
/in General NewsThe municipal water company in the town of Mataró said it is working with the Catalonian authorities to recover and restore its infrastructure.
The Record from Recorded Future News – Read More
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
/in General NewsSessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Securing Fintech Operations Through Smarter Controls and Automation
/in General NewsWith the rise of fintechs, accuracy alone isn’t enough, security and reliability are just as necessary. For fintech…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More