BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Can Cybersecurity Weather the Current Economic Chaos?
/in General NewsCybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.
darkreading – Read More
Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT
/in General NewsFake Booking.com emails trick hotel staff into running AsyncRAT malware via fake CAPTCHA, targeting systems with remote access…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
ASUS Urges Users to Patch AiCloud Router Vuln Immediately
/in General NewsThe vulnerability is only found in the vendor’s router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
darkreading – Read More
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
/in General NewsA new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
The Hacker News – Read More
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
/in General NewsNorth Korean cryptocurrency thieves abusing Zoom Remote collaboration feature to target cryptocurrency traders with malware.
The post North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature appeared first on SecurityWeek.
SecurityWeek – Read More
Native Language Phishing Spreads ResolverRAT to Healthcare
/in General NewsMorphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Exaforce Banks Hefty $75 Million for AI-Powered SOC Remake
/in General NewsSan Francisco startup closes a hefty $75 million Series A funding round led by Khosla Ventures and Mayfield.
The post Exaforce Banks Hefty $75 Million for AI-Powered SOC Remake appeared first on SecurityWeek.
SecurityWeek – Read More
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation
/in General NewsWith 51% of internet traffic now bot-driven and a growing share of it malicious, organizations must prepare for an era of more evasive, AI-assisted automation.
The post Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation appeared first on SecurityWeek.
SecurityWeek – Read More
North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks
/in General NewsGovernment-backed hacking groups from North Korea (TA427), Iran (TA450), and Russia (UNK_RemoteRogue, TA422) are now using the ClickFix…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform
/in General NewsKenzo Security has emerged from stealth mode after 18 months of developing its agentic AI security platform.
The post Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform appeared first on SecurityWeek.
SecurityWeek – Read More