BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
CISA warns of potential data breaches caused by legacy Oracle Cloud leak
/in General NewsThe Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it “presents potential risk to organizations and individuals.”
The Record from Recorded Future News – Read More
Why the CVE database for tracking security flaws nearly went dark – and what happens next
/in General NewsExpired US government funding nearly disrupted this global security system. How can we prevent this from happening again in 11 months?
Latest stories for ZDNET in Security – Read More
Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks
/in General NewsSlopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages.
Security | TechRepublic – Read More
OpenAI launches o3 and o4-mini, AI models that ‘think with images’ and use tools autonomously
/in General NewsOpenAI launches groundbreaking o3 and o4-mini AI models that can manipulate and reason with images, representing a major advance in visual problem-solving and tool-using artificial intelligence.Read More
Security News | VentureBeat – Read More
Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
/in General NewsOne of the bugs was discovered by Google’s security researchers who investigate government-backed cyberattacks.
Security News | TechCrunch – Read More
CVE Program Stays Online as CISA Backs Temporary MITRE Extension
/in General NewsMITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
More than 100,000 had information stolen from Hertz through Cleo file share tool
/in General NewsCar rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn’t specified a total number.
The Record from Recorded Future News – Read More
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
/in General NewsA fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
darkreading – Read More
MITRE CVE Program Gets Last-Hour Funding Reprieve
/in General NewsThe US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
SecurityWeek – Read More
How Apple plans to train its AI on your data without sacrificing your privacy
/in General NewsApple’s solution is called ‘differential privacy’ – and it’s already been using it for Genmojis.
Latest stories for ZDNET in Security – Read More