BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
City of Abilene Goes Offline in Wake of Cyberattack
/in General NewsThe Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.
darkreading – Read More
Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs
/in General NewsRussia-linked phishing attacks targeting NGOs with ties to Ukraine ask victims to join a video call, and result in them gaining access to Microsoft 365 accounts.
The Record from Recorded Future News – Read More
SSL.com Vulnerability Allowed Fraudulent SSL Certificates for Major Domains
/in General NewsAn SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
/in General NewsCybersecurity researchers have detailed a malware campaign that’s targeting Docker environments with a previously undocumented technique to mine cryptocurrency.
The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources.
This involves deploying a malware strain
The Hacker News – Read More
‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
/in General NewsA proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.
darkreading – Read More
Tired of unsolicited nude pics? Google’s new safety feature can help – how it works
/in General NewsThe Sensitive Content Warnings feature shields you from images in Google Messages that may contain nudity and lets you easily block numbers – but you’ll need to enable it.
Latest stories for ZDNET in Security – Read More
Cloud Data Security Play Sentra Raises $50 Million Series B
/in General NewsSentra has now raised north of $100 million for controls technology to keep sensitive data out of misconfigured AI workflows.
The post Cloud Data Security Play Sentra Raises $50 Million Series B appeared first on SecurityWeek.
SecurityWeek – Read More
DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models
/in General NewsDataKrypto’s FHEnom for AI combines real-time homomorphic encryption with trusted execution environments to protect enterprise data and models from leakage, exposure, and tampering.
The post DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models appeared first on SecurityWeek.
SecurityWeek – Read More
Marks & Spencer confirms cybersecurity incident amid ongoing disruption
/in General NewsThe company said it was necessary to make operational changes to protect the business.
Security News | TechCrunch – Read More
NymVPN: Introducing a security-first decentralized VPN with a Mixnet flair
/in General NewsIt’s not often we see a VPN developed as more than just a way to hide your IP address and give you some online protection against tracking. So how does the open-source, Mixnet-based NymVPN project stack up?
Latest stories for ZDNET in Security – Read More