BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
/in General NewsA critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
“The vulnerability allows an attacker with network access to an Erlang/OTP SSH
The Hacker News – Read More
Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business
/in General NewsThe number of infostealers sent through phishing emails jumped by 84% last year. IBM X-Force offers these recommendations for defending yourself from all manner of malware.
Latest stories for ZDNET in Security – Read More
Update your iPhone now to patch a CarPlay glitch and two serious security flaws
/in General NewsApple’s iOS 18.4.1 update fixes a bug with wireless CarPlay and resolves two security holes already exploited in targeted attacks.
Latest stories for ZDNET in Security – Read More
MITRE Hackers’ Backdoor Has Targeted Windows for Years
/in General NewsWindows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years.
The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
The Hacker News – Read More
Middle East, North Africa Security Spending to Top $3B
/in General NewsGartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
darkreading – Read More
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
/in General NewsApple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
The vulnerabilities in question are listed below –
CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
The Hacker News – Read More
GPS Spoofing Attacks Spike in Middle East, Southeast Asia
/in General NewsAn Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
darkreading – Read More
Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation
/in General NewsThe former cybersecurity chief is the latest to push back on the Trump administration’s targeting of critics and dissenters.
Security News | TechCrunch – Read More
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
/in General NewsThe attacks have been going on since shortly after Microsoft patched the vulnerability in March.
darkreading – Read More