BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts
/in General NewsJapanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorized trades being conducted on hacked brokerage accounts in the country.
The Record from Recorded Future News – Read More
Industry First: StrikeReady AI Platform Moves Security Teams Beyond Basic, One-Dimensional AI-Driven Triage Solutions
/in General NewsDallas, United States, TX, 21st April 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Motorola to outfit first responders with new AI-enabled body cameras
/in General NewsUnveiled today, AI Assist aims to help public safety officers do their jobs more efficiently – and safely. Here’s how it works.
Latest stories for ZDNET in Security – Read More
How to Protect Yourself From Phone Searches at the US Border
/in General NewsCustom and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.
Security Latest – Read More
Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking
/in General NewsLantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.
The post Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
/in General NewsCybersecurity researchers have disclosed a surge in “mass scanning, credential brute-forcing, and exploitation attempts” originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.
“Net
The Hacker News – Read More
Palantir exec defends company’s immigration surveillance work
/in General NewsOne of the founders of startup accelerator Y Combinator offered unsparing criticism this weekend of the controversial data analytics company Palantir, leading a company executive to offer an extensive defense of Palantir’s work. The back-and-forth came after federal filings showed that U.S. Immigration and Customs Enforcement (ICE) — tasked with carrying out the Trump administration’s […]
Security News | TechCrunch – Read More
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
/in General NewsThe Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
“While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
The Hacker News – Read More
Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia
/in General NewsKaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats
/in General NewsMidnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More