BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
Apple notifies new victims of spyware attacks across the world
/in General NewsTwo alleged victims came forward claiming they received a spyware notification from Apple.
Security News | TechCrunch – Read More
US arrests two alleged leaders of online extremist 764 group
/in General NewsAn affidavit unsealed in Washington, D.C., alleges that the two “targeted vulnerable children online, coercing them into producing degrading and explicit content under threat and manipulation.”
The Record from Recorded Future News – Read More
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
/in General NewsAs the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol (MCP) susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable.
MCP, launched by Anthropic in November 2024, is a framework designed to connect
The Hacker News – Read More
Tech Giants Propose Standard For End-of-Life Security Disclosures
/in General NewsThe OpenEoX model proposes a shared data format that can be integrated into SBOMs, security advisories, and other ecosystem tools.
The post Tech Giants Propose Standard For End-of-Life Security Disclosures appeared first on SecurityWeek.
SecurityWeek – Read More
Phishers Take Advantage of Iberian Blackout Before It’s Even Over
/in General NewsOpportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal’s national airline in a campaign offering compensation for delayed or disrupted flights.
darkreading – Read More
Sneaky WordPress Malware Disguised as Anti-Malware Plugin
/in General NewsWordPress sites are under threat from a deceptive anti-malware plugin. Learn how this malware grants backdoor access, hides…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
GPT-4o update gets recalled by OpenAI for being too agreeable
/in General NewsUsers complained GPT-4o was too ‘sycophantic.’ Here’s why and what happens now.
Latest stories for ZDNET in Security – Read More
DHS Boss Noem Vows to Get CISA Back ‘On Mission’
/in General NewsSecretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.
darkreading – Read More
DarkWatchman cybercrime malware returns on Russian networks
/in General NewsA financially motivated group tracked as Hive0117 recently attacked multiple Russian industries with a retooled version of DarkWatchman malware, researchers said.
The Record from Recorded Future News – Read More
UK retail giant Co-op warns of disruption as it battles cyberattack
/in General NewsThe U.K. grocery and retail giant said the unspecified cyber incident is affecting its back office and call centers.
Security News | TechCrunch – Read More