BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding
/in General NewsSpektion has emerged from stealth mode with $5 million in seed funding for its vulnerability management solution.
The post Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Octane Raises $6.75M for Smart Contract Security Tech
/in General NewsSan Francisco smart contract security startup closes a $6.75 million seed funding round led by Archetype and Winklevoss Capital.
The post Octane Raises $6.75M for Smart Contract Security Tech appeared first on SecurityWeek.
SecurityWeek – Read More
Google fixes two Android zero-day bugs actively exploited by hackers
/in General NewsThe most severe security bug can be exploited without user interaction, per Google.
Security News | TechCrunch – Read More
DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks
/in General NewsWhile often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.
The post DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks appeared first on SecurityWeek.
SecurityWeek – Read More
Anecdotes Raises $30 Million for Enterprise GRC Platform
/in General NewsAnecdotes has raised $55 million in an extended Series B funding round that brings the total raised by the company to $85 million.
The post Anecdotes Raises $30 Million for Enterprise GRC Platform appeared first on SecurityWeek.
SecurityWeek – Read More
SAP Patches Critical Code Injection Vulnerabilities
/in General NewsSAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws.
The post SAP Patches Critical Code Injection Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Canada says China-linked information campaign spreading false narratives about prime minister
/in General NewsA China-linked information campaign is using a network of WeChat accounts to attack Canadian Prime Minister Mark Carney ahead of the country’s upcoming federal election, authorities said.
The Record from Recorded Future News – Read More
WhatsApp Vulnerability Could Facilitate Remote Code Execution
/in General NewsAn update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users.
The post WhatsApp Vulnerability Could Facilitate Remote Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials
/in General NewsHellCat ransomware hits 4 companies by exploiting Jira credentials stolen through infostealer malware, continuing their global attack spree.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Aurascape Banks Hefty $50 Million to Mitigate ‘Shadow AI’ Risks
/in General NewsSilicon Valley startup secures big investment from Menlo Ventures and Mayfield Fund to solve the “shadow AI” security problem.
The post Aurascape Banks Hefty $50 Million to Mitigate ‘Shadow AI’ Risks appeared first on SecurityWeek.
SecurityWeek – Read More