BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover
/in General NewsVulnerabilities in Apple’s AirPlay protocol could have allowed attackers to execute code remotely without user interaction.
The post AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities
/in General NewsChrome 136 and Firefox 138 were released in the stable channel with patches for multiple high-severity vulnerabilities.
The post Chrome 136, Firefox 138 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code
/in General NewsMeta on Tuesday announced LlamaFirewall, an open-source framework designed to secure artificial intelligence (AI) systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others.
The framework, the company said, incorporates three guardrails, including PromptGuard 2, Agent Alignment Checks, and CodeShield.
PromptGuard 2 is designed to detect direct
The Hacker News – Read More
Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations
/in General NewsA high court in the Indian state of Karnataka has ordered the blocking of end-to-end encrypted email provider Proton Mail across the country.
The High Court of Karnataka, on April 29, said the ruling was in response to a legal complaint filed by M Moser Design Associated India Pvt Ltd in January 2025.
The complaint alleged its staff had received e-mails containing obscene, abusive
The Hacker News – Read More
Google: 75 zero-days seen in 2024 as nations, spyware vendors continue exploitation
/in General NewsGoogle’s Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year.
The Record from Recorded Future News – Read More
Meta unleashes Llama API running 18x faster than OpenAI: Cerebras partnership delivers 2,600 tokens per second
/in General NewsMeta partners with Cerebras to launch its new Llama API, offering developers AI inference speeds up to 18 times faster than traditional GPU solutions, challenging OpenAI and Google in the fast-growing AI services market.Read More
Security News | VentureBeat – Read More
Many Fuel Tank Monitoring Systems Vulnerable to Disruption
/in General NewsThousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just “a packet away” from compromise, security researcher warns at 2025 RSAC Conference.
darkreading – Read More
Hacking in Space: Not as Tough as You Might Think
/in General NewsBarbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky.
darkreading – Read More
From Mission-Centric to People-Centric: Competitive Leadership in Cyber
/in General NewsMaking a case for empathy in cyber-leadership roles as a strategic business advantage.
darkreading – Read More
WhatsApp Is Walking a Tightrope Between AI Features and Privacy
/in General NewsWhatsApp’s AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks.
Security Latest – Read More