BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Rep. Green on CISA cuts, China hacking and cyber as a bipartisan issue
/in General NewsThe chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 50,000 professionals and burdensome digital compliance.
The Record from Recorded Future News – Read More
Hackers using AI-produced audio to impersonate tax preparers, IRS
/in General NewsArtificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to trick taxpayers into sending them money and financial documents.
The Record from Recorded Future News – Read More
Windows warning: Don’t delete that weird ‘inetpub’ folder. Already did? Here’s your fix
/in General NewsIt may look empty, but that folder is tied to a new security patch – and it shouldn’t be removed.
Latest stories for ZDNET in Security – Read More
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
/in General NewsA threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls.
The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek.
SecurityWeek – Read More
New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations
/in General NewsOrganizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities.
The post New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
7 RSAC 2025 Cloud Security Sessions You Don’t Want to Miss
/in General NewsSome of the brightest minds in the industry will discuss how to strengthen cloud security.
darkreading – Read More
AI Hallucinations Create a New Software Supply Chain Threat
/in General NewsResearchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
SecurityWeek – Read More
How DigitalOcean Moved Away From Manual Identity Management
/in General NewsDigitalOcean executives describe how they automated and streamlined many of the identity and access management functions which had been previously handled manually.
darkreading – Read More
How to Use LastPass Password Manager
/in General NewsLearn how to set up and use LastPass password manager. Start managing and storing your passwords with this step-by-step guide.
Security | TechRepublic – Read More
TraderTraitor: The Kings of the Crypto Heist
/in General NewsAllegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.
Security Latest – Read More