BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Why Data Privacy Isn’t the Same as Data Security
/in General NewsFailing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.
darkreading – Read More
Why security stacks need to think like an attacker, and score every user in real time
/in General NewsSophisticated attacks must be tracked and contained in a business’s core security infrastructure, managed from its SOC.Read More
Security News | VentureBeat – Read More
Threat Actors Use ‘Spam Bombing’ Technique to Hide Malicious Motives
/in General NewsDarktrace researchers detailed “spam bombing,” a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.
darkreading – Read More
Study Identifies 20 Most Vulnerable Connected Devices of 2025
/in General NewsRouters are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.
The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
/in General NewsOverview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
The Hacker News – Read More
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
/in General NewsLaw enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
“In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,'” Europol said in a
The Hacker News – Read More
Nissan Leaf Hacked for Remote Spying, Physical Takeover
/in General NewsResearchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.
The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
/in General NewsSensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.
The post Operations of Sensor Giant Sensata Disrupted by Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages
/in General NewsCAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages.
The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek.
SecurityWeek – Read More
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
/in General NewsCybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
“AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September
The Hacker News – Read More