BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack
/in General NewsMicrosoft security chief Charlie Bell says the SFI’s 28 objectives are “near completion” and that 11 others have made “significant progress.”
The post Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Nation-State Threats Put SMBs in Their Sights
/in General NewsCyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.
darkreading – Read More
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
/in General NewsCybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
“In some systems, initial access was gained through
The Hacker News – Read More
Can Cybersecurity Weather the Current Economic Chaos?
/in General NewsCybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.
darkreading – Read More
Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT
/in General NewsFake Booking.com emails trick hotel staff into running AsyncRAT malware via fake CAPTCHA, targeting systems with remote access…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
ASUS Urges Users to Patch AiCloud Router Vuln Immediately
/in General NewsThe vulnerability is only found in the vendor’s router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
darkreading – Read More
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
/in General NewsA new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
The Hacker News – Read More
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
/in General NewsNorth Korean cryptocurrency thieves abusing Zoom Remote collaboration feature to target cryptocurrency traders with malware.
The post North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature appeared first on SecurityWeek.
SecurityWeek – Read More
Native Language Phishing Spreads ResolverRAT to Healthcare
/in General NewsMorphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Exaforce Banks Hefty $75 Million for AI-Powered SOC Remake
/in General NewsSan Francisco startup closes a hefty $75 million Series A funding round led by Khosla Ventures and Mayfield.
The post Exaforce Banks Hefty $75 Million for AI-Powered SOC Remake appeared first on SecurityWeek.
SecurityWeek – Read More