BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Popular British Retailer Marks & Spencer Addresses ‘Cyber Incident’
/in General NewsM&S has launched an investigation and said some customer operations are impacted.
darkreading – Read More
North Korean Operatives Use Deepfakes in IT Job Interviews
/in General NewsUse of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.
darkreading – Read More
Millions impacted by data breaches at Blue Shield of California, mammography service and more
/in General NewsBlue Shield of California said an improper Google Analytics configuration exposed the data of more than 4.5 million people, while state regulators recently received more than a dozen other reports involving healthcare-related organizations.
The Record from Recorded Future News – Read More
Amazon’s SWE-PolyBench just exposed the dirty secret about your AI coding assistant
/in General NewsAmazon launches SWE-PolyBench, a groundbreaking multi-language benchmark that exposes critical limitations in AI coding assistants across Python, JavaScript, TypeScript, and Java while introducing new metrics beyond simple pass rates for real-world development tasks.Read More
Security News | VentureBeat – Read More
Japan Warns on Unauthorized Stock Trading via Stolen Credentials
/in General NewsAttackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they’ve been hacked.
darkreading – Read More
Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter
/in General NewsGovernments around the world have appeared to ease off from using internet shutdowns to silence protesters and control access to information, according to new data from internet infrastructure company Cloudflare.
The Record from Recorded Future News – Read More
AuthMind Raises $19.3 Million in Seed Funding
/in General NewsIdentity protection startup AuthMind has announced raising $19.3 million in a seed funding round led by Cheyenne Ventures.
The post AuthMind Raises $19.3 Million in Seed Funding appeared first on SecurityWeek.
SecurityWeek – Read More
From friction to flow: Why Swissport scrapped its VPN maze for Cato’s SASE fabric
/in General NewsSwissport ditches legacy tech, deploying a global, Zero Trust SASE architecture with Cato Networks securing 26,000 users, unlocking real-time control.Read More
Security News | VentureBeat – Read More
Kubernetes Pods Are Inheriting Too Many Permissions
/in General NewsScalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.
darkreading – Read More
Ransomware groups test new business models to hit more victims, increase profits
/in General NewsThe DragonForce and Anubis groups are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in.
The Record from Recorded Future News – Read More