BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
Nova Scotia energy provider takes some servers offline following cyber incident
/in General NewsOn Friday, Nova Scotia Power — which provides serves 95% of the power for the region — discovered a cyber incident involving unauthorized access to its systems.
The Record from Recorded Future News – Read More
Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
/in General NewsResearchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
Security Latest – Read More
Pistachio Raises $7 Million for Cybersecurity Training Platform
/in General NewsCybersecurity awareness training platform Pistachio has raised $7 million in a Series A funding round led by Walter Ventures.
The post Pistachio Raises $7 Million for Cybersecurity Training Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Google Tracked 75 Zero-Days in 2024
/in General NewsThe number of exploited zero-days seen by Google in 2024 dropped to 75, from 98 observed in the previous year.
The post Google Tracked 75 Zero-Days in 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025
/in General NewsMore than 30 companies announced a total of $1.7 billion in funding in weeks leading up to the industry’s largest gathering.
The post Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
LayerX Raises $11 Million for Browser Security Solution
/in General NewsBrowser security firm LayerX has raised $11 million in a Series A funding round extension led by Jump Capital.
The post LayerX Raises $11 Million for Browser Security Solution appeared first on SecurityWeek.
SecurityWeek – Read More
Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks
/in General NewsMore than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability.
The post Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
RSA Conference 2025 Announcements Summary (Day 1)
/in General NewsHundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 Announcements Summary (Day 1) appeared first on SecurityWeek.
SecurityWeek – Read More
Vulnerability Exploitation Is Shifting in 2024-25
/in General NewsThe number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.
darkreading – Read More
Government hackers are leading the use of attributed zero-days, Google says
/in General NewsGovernments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024.
Security News | TechCrunch – Read More