BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches
/in General NewsDo passcodes really protect you more from warrantless phone searches than biometrics? It’s complicated.
Latest stories for ZDNET in Security – Read More
Hackers Breach Morocco’s Social Security Database
/in General NewsThe hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms.
The post Hackers Breach Morocco’s Social Security Database appeared first on SecurityWeek.
SecurityWeek – Read More
Organizations Lack Incident Response Plans, But Answers Are on the Way
/in General NewsDeveloping strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.
darkreading – Read More
Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
/in General NewsA vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More
11 Bugs Found in Perplexity AI’s Chatbot Android App
/in General NewsResearchers characterize the company’s artificial intelligence chatbot as less secure than ChatGPT and even DeepSeek.
darkreading – Read More
In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions
/in General NewsNoteworthy stories that might have slipped under the radar: Scattered Spider still active despite arrests, hacker known as EncryptHub unmasked, Rydox admins extradited to US.
The post In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions appeared first on SecurityWeek.
SecurityWeek – Read More
Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages
/in General NewsSome misconfigured AI chatbots are pushing people’s chats to the open web—revealing sexual prompts and conversations that include descriptions of child sexual abuse.
Security Latest – Read More
SonicWall Patches High-Severity Vulnerability in NetExtender
/in General NewsSonicWall has released fixes for three vulnerabilities in NetExtender for Windows, including a high-severity bug.
The post SonicWall Patches High-Severity Vulnerability in NetExtender appeared first on SecurityWeek.
SecurityWeek – Read More
1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative
/in General NewsLaboratory Services Cooperative says the personal and medical information of 1.6 million was stolen in an October 2024 data breach.
The post 1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative appeared first on SecurityWeek.
SecurityWeek – Read More
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
/in General NewsCybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote.
These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead.
“The threat actor utilized a
The Hacker News – Read More