BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
/in General NewsCybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024.
“The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,'” Cisco Talos researchers Azim Khodjibaev, Chetan
The Hacker News – Read More
New payment-card scam involves a phone call, some malware and a personal tap
/in General NewsA new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds.
The Record from Recorded Future News – Read More
Think GeoGuessr is fun? Try using ChatGPT to guess locations in your photos
/in General NewsChatGPT can ‘read’ your photos for location clues – even without embedded GPS or EXIF data. Here’s why that could be a problem.
Latest stories for ZDNET in Security – Read More
If Boards Don’t Fix OT Security, Regulators Will
/in General NewsAround the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won’t drive up security maturity for operational technology unless they’re made to.
darkreading – Read More
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
/in General NewsA new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader.
“Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.
The
The Hacker News – Read More
In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged
/in General NewsNoteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US.
The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged appeared first on SecurityWeek.
SecurityWeek – Read More
Live Events Giant Legends International Hacked
/in General NewsLegends International says the personal information of employees and customers was compromised as a result of a cyberattack.
The post Live Events Giant Legends International Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
Ahold Delhaize Confirms Data Stolen in Ransomware Attack
/in General NewsAhold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.
The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Cy4Data Labs Raises $10 Million to Secure Data in Use
/in General NewsData protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners.
The post Cy4Data Labs Raises $10 Million to Secure Data in Use appeared first on SecurityWeek.
SecurityWeek – Read More
[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
/in General NewsYour employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is.
If this sounds familiar, you’re not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
The Hacker News – Read More