BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto
/in General NewsHackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
/in General NewsThe Evolving Healthcare Cybersecurity Landscape
Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector
The Hacker News – Read More
AI-Powered Polymorphic Phishing Is Changing the Threat Landscape
/in General NewsCombined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.
The post AI-Powered Polymorphic Phishing Is Changing the Threat Landscape appeared first on SecurityWeek.
SecurityWeek – Read More
Blue Shield of California Data Breach Impacts 4.7 Million People
/in General NewsBlue Shield of California says a website misconfiguration exposed the health information of its members to Google.
The post Blue Shield of California Data Breach Impacts 4.7 Million People appeared first on SecurityWeek.
SecurityWeek – Read More
5.5 Million Patients Affected by Data Breach at Yale New Haven Health
/in General NewsYale New Haven Health System recently discovered that the personal information of millions of patients was stolen from its systems.
The post 5.5 Million Patients Affected by Data Breach at Yale New Haven Health appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw
/in General NewsCisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products.
The post Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads
/in General NewsWhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups.
“This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy,” WhatsApp said in a statement.
The optional feature
The Hacker News – Read More
‘Industrial-Scale’ Asian Scam Centers Expand Globally
/in General NewsThe convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.
darkreading – Read More
Ransomware Gangs Innovate With New Affiliate Models
/in General NewsSecureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.
darkreading – Read More
Microsoft Claims Steady Progress Revamping Security Culture
/in General NewsIn the latest Secure Future Initiative Progress Report, Microsoft described efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new “Secure by Design UX Toolkit.”
darkreading – Read More