BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Demystifying Security Posture Management
/in General NewsWhile the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
The post Demystifying Security Posture Management appeared first on SecurityWeek.
SecurityWeek – Read More
Why ‘One Community’ Resonates in Cybersecurity
/in General NewsOur collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment.
The post Why ‘One Community’ Resonates in Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APT Mustang Panda Updates, Expands Arsenal
/in General NewsThe Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek.
SecurityWeek – Read More
This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops
/in General NewsMassive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”
Security Latest – Read More
CISA Issues Guidance After Oracle Cloud Hack
/in General NewsCISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
/in General NewsA critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
“The vulnerability allows an attacker with network access to an Erlang/OTP SSH
The Hacker News – Read More
Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business
/in General NewsThe number of infostealers sent through phishing emails jumped by 84% last year. IBM X-Force offers these recommendations for defending yourself from all manner of malware.
Latest stories for ZDNET in Security – Read More
Update your iPhone now to patch a CarPlay glitch and two serious security flaws
/in General NewsApple’s iOS 18.4.1 update fixes a bug with wireless CarPlay and resolves two security holes already exploited in targeted attacks.
Latest stories for ZDNET in Security – Read More
MITRE Hackers’ Backdoor Has Targeted Windows for Years
/in General NewsWindows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years.
The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
The Hacker News – Read More