BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Anthropic just launched a $200 version of Claude AI — here’s what you get for the premium price
/in General NewsAnthropic launches new Claude Max subscription tiers at $100 and $200 monthly, challenging OpenAI’s premium offerings while targeting power users who need expanded AI assistant capabilities.Read More
Security News | VentureBeat – Read More
Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America
/in General NewsThe Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.
Security Latest – Read More
Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
/in General NewsMicrosoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS.
Security | TechRepublic – Read More
Court document reveals locations of WhatsApp victims targeted by NSO spyware
/in General NewsThe list of 1,223 victims in 51 countries hints at the “true scale of the spyware problem,” per one researcher.
Security News | TechCrunch – Read More
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
/in General NewsGoogle plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek.
SecurityWeek – Read More
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
/in General NewsThe greatest security policies in the world are useless if enterprises don’t have a reasonable, consistent, and reliable way to implement them.
The post Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy appeared first on SecurityWeek.
SecurityWeek – Read More
Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
/in General NewsSean Plankey’s nomination to head up CISA will be blocked, for now.
Security News | TechCrunch – Read More
Rights group calls on Thai government to end alleged cyberattacks against civil society
/in General NewsHuman rights non-profit Amnesty International urged Thai authorities this week to investigate claims of state-sponsored cyberattacks against human rights organizations and pro-democracy activists following the leak of internal government documents that detailed such an operation.
The Record from Recorded Future News – Read More
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
/in General NewsAgentic AI has improved spear phishing effectiveness by 55% since 2023, research shows.
The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek.
SecurityWeek – Read More
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
/in General NewsLovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages.
“As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly
The Hacker News – Read More