BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’
/in General NewsWhile the latest iteration of Qwen2.5-Max outperforms DeepSeek-V3 on security, the AI model lags behind its competition in several other areas.
Security | TechRepublic – Read More
Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option
/in General NewsMicrosoft is killing the Windows 11 bypass trick — soon, all setups will require internet and a Microsoft Account, leaving privacy-conscious users with fewer options.
Security | TechRepublic – Read More
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
/in General NewsIvanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.
“A stack-based buffer overflow in Ivanti Connect
The Hacker News – Read More
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
/in General NewsA maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.
Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance
The Hacker News – Read More
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
/in General NewsThe Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data.
The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate
The Hacker News – Read More
OpenAI just made ChatGPT Plus free for millions of college students — and it’s a brilliant competitive move against Anthropic
/in General NewsOpenAI offers free ChatGPT Plus to college students just before finals week, escalating competition with Anthropic’s Claude as tech giants battle for dominance in the $80 billion education AI market.Read More
Security News | VentureBeat – Read More
Texas city warns thousands of utility payment site breach
/in General NewsAt least 12,000 people in Texas had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the City of Lubbock.
The Record from Recorded Future News – Read More
Ted Schlein’s Ballistic Ventures is raising $100M for a new fund
/in General NewsTed Schlein’s cybersecurity-focused Ballistic Ventures is raising $100 million for a new fund, TechCrunch has exclusively learned.
Security News | TechCrunch – Read More
OpenAI just made its first cybersecurity investment
/in General NewsOpenAI just co-led a $43 million Series A into deepfake defense startup Adaptive Security.
Security News | TechCrunch – Read More
Look, no patches! Why Chainguard OS might be the most secure Linux ever
/in General NewsA secure container company listens to several top Linux maintainers on how to build the most secure Linux distro possible. The result: Chainguard OS.
Latest stories for ZDNET in Security – Read More