BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
/in General NewsIn a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Security Latest – Read More
CISA Weighs In on Alleged Oracle Cloud Breach
/in General NewsThe agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
darkreading – Read More
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
/in General NewsCybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024.
“The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,'” Cisco Talos researchers Azim Khodjibaev, Chetan
The Hacker News – Read More
New payment-card scam involves a phone call, some malware and a personal tap
/in General NewsA new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds.
The Record from Recorded Future News – Read More
Think GeoGuessr is fun? Try using ChatGPT to guess locations in your photos
/in General NewsChatGPT can ‘read’ your photos for location clues – even without embedded GPS or EXIF data. Here’s why that could be a problem.
Latest stories for ZDNET in Security – Read More
If Boards Don’t Fix OT Security, Regulators Will
/in General NewsAround the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won’t drive up security maturity for operational technology unless they’re made to.
darkreading – Read More
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
/in General NewsA new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader.
“Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.
The
The Hacker News – Read More
In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged
/in General NewsNoteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US.
The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged appeared first on SecurityWeek.
SecurityWeek – Read More
Live Events Giant Legends International Hacked
/in General NewsLegends International says the personal information of employees and customers was compromised as a result of a cyberattack.
The post Live Events Giant Legends International Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
Ahold Delhaize Confirms Data Stolen in Ransomware Attack
/in General NewsAhold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.
The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More