BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
/in General NewsLemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.
The post Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers appeared first on SecurityWeek.
SecurityWeek – Read More
Claude just gained superpowers: Anthropic’s AI can now search your entire Google Workspace without you
/in General NewsAnthropic launches autonomous “agentic” research capability for Claude AI and Google Workspace integration, challenging OpenAI with faster results and enterprise-grade security for knowledge workers.Read More
Security News | VentureBeat – Read More
Notorious image board 4chan hacked and internal data leaked
/in General NewsThe infamous website was taken down and working intermittently, while hackers leaked alleged data like moderators email addresses, and source code.
Security News | TechCrunch – Read More
Your Android phone is getting a new security secret weapon – how it works
/in General NewsThis new security feature from Google will make your Android phone more difficult to access if you haven’t used it in a while.
Latest stories for ZDNET in Security – Read More
23andMe bankruptcy draws investigation from House panel over data concerns
/in General NewsA House committee launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May.
The Record from Recorded Future News – Read More
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
/in General NewsThe business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Kidney Dialysis Services Provider DaVita Hit by Ransomware
/in General NewsDaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands.
The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
China-Backed Threat Actor ‘UNC5174’ Using Open Source Tools in Stealthy Attacks
/in General NewsSysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.
darkreading – Read More
UK Software Firm Exposed 1.1TB of Healthcare Worker Records
/in General News8M UK healthcare worker records, including IDs and financial data, exposed due to a misconfigured staff management database…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Are We Prioritizing the Wrong Security Metrics?
/in General NewsTrue security isn’t about meeting deadlines — it’s about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.
darkreading – Read More