BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows
/in General NewsExperimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.
The post Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows appeared first on SecurityWeek.
SecurityWeek – Read More
Intergenerational Mentoring: Key to Cybersecurity’s AI Future
/in General NewsAs threats evolve and technology changes, our ability to work together across generations will determine our success.
darkreading – Read More
Xanthorox AI Surfaces on Dark Web as Full Spectrum Hacking Assistant
/in General NewsNew Xanthorox AI hacking platform spotted on dark web with modular tools, offline mode, and advanced voice, image, and code-based cyberattack features.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
/in General NewsAustin, TX, USA, 7th April 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Someone hacked ransomware gang Everest’s leak site
/in General News“Don’t do crime,” the ransomware gang’s dark web leak site reads.
Security News | TechCrunch – Read More
CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
/in General News‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.
The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Port of Seattle Says 90,000 People Impacted by Ransomware Attack
/in General NewsThe Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.
The post Port of Seattle Says 90,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
/in General NewsNIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.
SecurityWeek – Read More
Suspected Scattered Spider Hacker Pleads Guilty
/in General NewsA 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.
The post Suspected Scattered Spider Hacker Pleads Guilty appeared first on SecurityWeek.
SecurityWeek – Read More
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
/in General NewsA malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets.
“Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an
The Hacker News – Read More