BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
2 Android Zero-Day Bugs Under Active Exploit
/in General NewsNeither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware.
darkreading – Read More
Adobe Calls Urgent Attention to Critical ColdFusion Flaws
/in General NewsThe Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software.
The post Adobe Calls Urgent Attention to Critical ColdFusion Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
/in General NewsCybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution.
The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,
The Hacker News – Read More
How Meta’s new teen accounts aim to keep your kids safer on Facebook
/in General NewsThese teen accounts for Facebook and Messenger are packed with restrictions.
Latest stories for ZDNET in Security – Read More
Network Access Vendor Portnox Secures $37.5 Million Investment
/in General NewsTexas network access control startup closes a Series B round led by Updata Partners and brings the total raised to $60 million.
The post Network Access Vendor Portnox Secures $37.5 Million Investment appeared first on SecurityWeek.
SecurityWeek – Read More
Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding
/in General NewsSpektion has emerged from stealth mode with $5 million in seed funding for its vulnerability management solution.
The post Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Octane Raises $6.75M for Smart Contract Security Tech
/in General NewsSan Francisco smart contract security startup closes a $6.75 million seed funding round led by Archetype and Winklevoss Capital.
The post Octane Raises $6.75M for Smart Contract Security Tech appeared first on SecurityWeek.
SecurityWeek – Read More
Google fixes two Android zero-day bugs actively exploited by hackers
/in General NewsThe most severe security bug can be exploited without user interaction, per Google.
Security News | TechCrunch – Read More
DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks
/in General NewsWhile often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.
The post DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks appeared first on SecurityWeek.
SecurityWeek – Read More
Anecdotes Raises $30 Million for Enterprise GRC Platform
/in General NewsAnecdotes has raised $55 million in an extended Series B funding round that brings the total raised by the company to $85 million.
The post Anecdotes Raises $30 Million for Enterprise GRC Platform appeared first on SecurityWeek.
SecurityWeek – Read More