BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
China Secretly (and Weirdly) Admits It Hacked US Infrastructure
/in General NewsPlus: The Department of Homeland Security begins surveilling immigrants’ social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.
Security Latest – Read More
5 warning signs that your phone’s been hacked – and how to fight back
/in General NewsHere are the biggest warning signs that your phone may be compromised and the secret codes that can tell you all about it.
Latest stories for ZDNET in Security – Read More
Pall Mall Process Progresses but Leads to More Questions
/in General NewsNations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.
darkreading – Read More
SaaS Security Essentials: Reducing Risks in Cloud Applications
/in General NewsAs organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Paper Werewolf Threat Actor Targets Flash Drives With New Malware
/in General NewsThe threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.
darkreading – Read More
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
/in General NewsRussian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims
/in General NewsThe most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.
darkreading – Read More
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
/in General NewsFortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known
The Hacker News – Read More
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
/in General NewsThe CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
SecurityWeek – Read More
Using Third-Party ID Providers Without Losing Zero Trust
/in General NewsWith $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating.
darkreading – Read More