BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved
/in General NewsPost Content
darkreading – Read More
Could Ransomware Survive Without Cryptocurrency?
/in General NewsThreat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene.
darkreading – Read More
AWWA Supports Introduction of Collaborative Cybersecurity Legislation
/in General NewsPost Content
darkreading – Read More
2025’s Top OSINT Tools: A Fresh Take on Open-Source Intel
/in General NewsCheck out the top OSINT tools of 2025, an updated list featuring the best free and paid open-source…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Chinese APT Mustang Panda Debuts 4 New Attack Tools
/in General NewsThe notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
darkreading – Read More
Attackers and Defenders Lean on AI in Identity Fraud Battle
/in General NewsIdentity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
darkreading – Read More
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools
/in General NewsWith unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise.
The post The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools appeared first on SecurityWeek.
SecurityWeek – Read More
That Google email look real? Don’t click – it might be scam. Here’s how to tell
/in General NewsUntil Google rolls out a fix, you’ll have to be on the lookout for this particularly convincing phishing scam.
Latest stories for ZDNET in Security – Read More
Alleged SmokeLoader malware operator facing federal charges in Vermont
/in General NewsAn alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people.
The Record from Recorded Future News – Read More
ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
/in General NewsIn a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Security Latest – Read More