BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Hacker Claims WooCommerce Data Breach, Selling 4m User Records
/in General NewsA hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
/in General NewsOne CVE was used against “a small number of targets.” Windows 10 users needed to wait a little bit for their patches.
Security | TechRepublic – Read More
US Comptroller Cyber ‘Incident’ Compromises Org’s Emails
/in General NewsA review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a “major cyber incident.”
darkreading – Read More
Tariffs May Prompt Increase in Global Cyberattacks
/in General NewsCybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.
darkreading – Read More
5 ways to avoid spyware disguised as legit apps – before it’s too late
/in General NewsYou may not be the intended target of these malicious apps masquerading as legitimate programs – but you can still be their victim.
Latest stories for ZDNET in Security – Read More
Anthropic just launched a $200 version of Claude AI — here’s what you get for the premium price
/in General NewsAnthropic launches new Claude Max subscription tiers at $100 and $200 monthly, challenging OpenAI’s premium offerings while targeting power users who need expanded AI assistant capabilities.Read More
Security News | VentureBeat – Read More
Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America
/in General NewsThe Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.
Security Latest – Read More
Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
/in General NewsMicrosoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS.
Security | TechRepublic – Read More
Court document reveals locations of WhatsApp victims targeted by NSO spyware
/in General NewsThe list of 1,223 victims in 51 countries hints at the “true scale of the spyware problem,” per one researcher.
Security News | TechCrunch – Read More
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
/in General NewsGoogle plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek.
SecurityWeek – Read More