BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
/in General NewsCybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States.
“From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence,” Cisco Talos researcher Joey Chen said in a Thursday analysis.
The Hacker News – Read More
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
The Hacker News – Read More
Google’s Gemini 2.5 Flash introduces ‘thinking budgets’ that cut AI costs by 600% when turned down
/in General NewsGoogle’s new Gemini 2.5 Flash AI model introduces adjustable “thinking budgets” that let businesses pay only for the reasoning power they need, balancing advanced capabilities with cost efficiency.Read More
Security News | VentureBeat – Read More
CISA Urges Action on Potential Oracle Cloud Credential Compromise
/in General NewsFollowing reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Dogged by Trump, Chris Krebs Resigns from SentinelOne
/in General NewsThe president revoked the former CISA director’s security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation.
darkreading – Read More
Android Phones Pre-Downloaded With Malware Target User Crypto Wallets
/in General NewsThe threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users’ wallet addresses with their own.
darkreading – Read More
Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
/in General NewsSecurity researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Qrator Labs Reports Mitigating Year’s Largest DDoS Attack to Date
/in General NewsQrator Labs reports it mitigated a massive record 965 Gbps DDoS attack in April 2025, the largest incident…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Airport retailer agrees to $6.9 million settlement over ransomware data breach
/in General NewsAccording to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops.
The Record from Recorded Future News – Read More
‘No AI Agents are Allowed.’ EU Bans Use of AI Assistants in Virtual Meetings
/in General NewsIn a presentation delivered this month by the European Commission, a meeting etiquette slide stated “No AI Agents are allowed.”
Security | TechRepublic – Read More