BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
/in General NewsMicrosoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS.
Security | TechRepublic – Read More
Court document reveals locations of WhatsApp victims targeted by NSO spyware
/in General NewsThe list of 1,223 victims in 51 countries hints at the “true scale of the spyware problem,” per one researcher.
Security News | TechCrunch – Read More
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
/in General NewsGoogle plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek.
SecurityWeek – Read More
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
/in General NewsThe greatest security policies in the world are useless if enterprises don’t have a reasonable, consistent, and reliable way to implement them.
The post Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy appeared first on SecurityWeek.
SecurityWeek – Read More
Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
/in General NewsSean Plankey’s nomination to head up CISA will be blocked, for now.
Security News | TechCrunch – Read More
Rights group calls on Thai government to end alleged cyberattacks against civil society
/in General NewsHuman rights non-profit Amnesty International urged Thai authorities this week to investigate claims of state-sponsored cyberattacks against human rights organizations and pro-democracy activists following the leak of internal government documents that detailed such an operation.
The Record from Recorded Future News – Read More
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
/in General NewsAgentic AI has improved spear phishing effectiveness by 55% since 2023, research shows.
The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek.
SecurityWeek – Read More
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
/in General NewsLovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages.
“As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly
The Hacker News – Read More
Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users
/in General NewsAnother day, another data breach claim involving a high-profile company!
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails
/in General NewsThe U.S. Office of the Comptroller of the Currency told Congress that a breach of its email systems reported in February involved “highly sensitive information” in the accounts of high-ranking officials.
The Record from Recorded Future News – Read More