BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Florida draft law mandating encryption backdoors for social media accounts billed ‘dangerous and dumb’
/in General NewsA digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law.
Security News | TechCrunch – Read More
Dutch parent company of Hannaford and Stop & Shop confirms data stolen in cyberattack
/in General NewsThe INC ransomware gang claimed it was behind the cyberattack, which limited operations last November at some of the company’s 2,000 stores across the U.S.
The Record from Recorded Future News – Read More
CVE Program Cuts Send the Cyber Sector Into Panic Mode
/in General NewsAfter threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it’s up to the private sector to find the cash to keep it going.
darkreading – Read More
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
/in General NewsMinh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme.
The post Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
SecurityWeek – Read More
Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks
/in General NewsFind out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
Security | TechRepublic – Read More
Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys
/in General NewsResearchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Jersey Sues Discord for Allegedly Failing to Protect Children
/in General NewsThe New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.
Security Latest – Read More
Cybersecurity by Design: When Humans Meet Technology
/in General NewsIf security tools are challenging to use, people will look for workarounds to get around the restrictions.
darkreading – Read More
Vulnerabilities Patched in Atlassian, Cisco Products
/in General NewsAtlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
SecurityWeek – Read More
Network Security at the Edge for AI-ready Enterprise
/in General NewsThe widespread use of AI, particularly generative AI, in modern businesses creates new network security risks for complex enterprise workloads across various locations.
Security | TechRepublic – Read More