BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Microsoft’s Recall AI Tool Is Making an Unwelcome Return
/in General NewsMicrosoft held off on releasing the privacy-unfriendly feature after a swell of pushback last year. Now it’s trying again, with a few improvements that skeptics say still aren’t enough.
Security Latest – Read More
OpenAI slashes prices for GPT-4.1, igniting AI price war among tech giants
/in General NewsOpenAI slashes GPT-4.1 API prices by up to 75% while offering superior coding performance and million-token context windows, triggering an industry-wide AI pricing war with Anthropic, Google, and xAI.Read More
Security News | VentureBeat – Read More
OpenAI’s new GPT-4.1 models can process a million tokens and solve coding problems better than ever
/in General NewsOpenAI launched a new family of AI models this morning that significantly improve coding abilities while cutting costs, responding directly to growing competition in the enterprise AI market. The San Francisco-based AI company introduced three models — GPT-4.1, GPT-4.1 mini, and GPT-4.1 nano — all available immediately through its API. The new line…Read More
Security News | VentureBeat – Read More
Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp
/in General NewsCheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
/in General NewsA threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
darkreading – Read More
Hertz says customers’ personal data and driver’s licenses stolen in data breach
/in General NewsThe car rental giant attributed the breach to Cleo, whose customers had data stolen by a ransomware gang in 2024.
Security News | TechCrunch – Read More
Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
/in General NewsThe flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
/in General NewsBlind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all.
darkreading – Read More
Taiwan charges Chinese ship captain with breaking subsea cables
/in General NewsThe captain of a Chinese-crewed ship has been charged in Taiwan with breaking a subsea cable near the island, the first such formal charge following almost a dozen similar incidents in recent years.
The Record from Recorded Future News – Read More
Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
/in General NewsTrend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia Container Toolkit.
The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityWeek.
SecurityWeek – Read More