BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Middle East, North Africa Security Spending to Top $3B
/in General NewsGartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
darkreading – Read More
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
/in General NewsApple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
The vulnerabilities in question are listed below –
CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
The Hacker News – Read More
GPS Spoofing Attacks Spike in Middle East, Southeast Asia
/in General NewsAn Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
darkreading – Read More
Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation
/in General NewsThe former cybersecurity chief is the latest to push back on the Trump administration’s targeting of critics and dissenters.
Security News | TechCrunch – Read More
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
/in General NewsThe attacks have been going on since shortly after Microsoft patched the vulnerability in March.
darkreading – Read More
Krebs Exits SentinelOne After Security Clearance Pulled
/in General NewsChris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISA’s conduct under his leadership.
The post Krebs Exits SentinelOne After Security Clearance Pulled appeared first on SecurityWeek.
SecurityWeek – Read More
Apple Quashes Two Zero-Days With iOS, MacOS Patches
/in General NewsThe vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.
The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware gang ‘CrazyHunter’ Targets Critical Taiwanese Orgs
/in General NewsTrend Micro researchers detailed an emerging ransomware campaign by a new group known as “CrazyHunter” that is targeting critical sectors in Taiwan.
darkreading – Read More
CISA warns of potential data breaches caused by legacy Oracle Cloud leak
/in General NewsThe Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it “presents potential risk to organizations and individuals.”
The Record from Recorded Future News – Read More
Why the CVE database for tracking security flaws nearly went dark – and what happens next
/in General NewsExpired US government funding nearly disrupted this global security system. How can we prevent this from happening again in 11 months?
Latest stories for ZDNET in Security – Read More