BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack
/in General NewsThousands of students, teachers and administrators had information stolen from the Baltimore City Public Schools system during a ransomware attack in February.
The Record from Recorded Future News – Read More
Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558
/in General NewsThe tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT’s breach of its Exchange Online environment in 2023.
darkreading – Read More
Fake Alpine Quest Mapping App Spotted Spying on Russian Military
/in General NewsFake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
3 More Healthcare Orgs Hit by Ransomware Attacks
/in General NewsDialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.
darkreading – Read More
City of Abilene Goes Offline in Wake of Cyberattack
/in General NewsThe Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.
darkreading – Read More
Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs
/in General NewsRussia-linked phishing attacks targeting NGOs with ties to Ukraine ask victims to join a video call, and result in them gaining access to Microsoft 365 accounts.
The Record from Recorded Future News – Read More
SSL.com Vulnerability Allowed Fraudulent SSL Certificates for Major Domains
/in General NewsAn SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
/in General NewsCybersecurity researchers have detailed a malware campaign that’s targeting Docker environments with a previously undocumented technique to mine cryptocurrency.
The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources.
This involves deploying a malware strain
The Hacker News – Read More
‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
/in General NewsA proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.
darkreading – Read More
Tired of unsolicited nude pics? Google’s new safety feature can help – how it works
/in General NewsThe Sensitive Content Warnings feature shields you from images in Google Messages that may contain nudity and lets you easily block numbers – but you’ll need to enable it.
Latest stories for ZDNET in Security – Read More