BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Malicious NPM Packages Target Cryptocurrency, PayPal Users
/in General NewsThreat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
/in General NewsAI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to
The Hacker News – Read More
Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
/in General NewsThough less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.
Security Latest – Read More
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide
/in General NewsDespite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.
Security Latest – Read More
Black Basta: The Fallen Ransomware Gang That Lives On
/in General NewsAfter a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.
Security Latest – Read More
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
/in General NewsHackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Data Breach at Planned Parenthood Lab Partner Exposes Info of 1.6M
/in General NewsData breach at Laboratory Services Cooperative (LSC) exposed the sensitive health and personal information of 1.6 million individuals…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
/in General NewsA threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT.
The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew’s
The Hacker News – Read More
Morocco Investigates Social Security Agency Data Leak
/in General NewsA threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.
darkreading – Read More
Homeland Security Email Tells a US Citizen to ‘Immediately’ Self-Deport
/in General NewsAn email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to—and who actually received it—is far from clear.
Security Latest – Read More