BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Cisco: Fine-tuned LLMs are now threat multipliers—22x more likely to go rogue
/in General NewsCisco warns LLMs fine-tuned for business are now being weaponized. Guardrails aren’t failing. They’re being engineered around.Read More
Security News | VentureBeat – Read More
CISA Warns: Old DNS Trick ‘Fast Flux’ Is Still Thriving
/in General NewsAn old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
darkreading – Read More
Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder
/in General NewsNew end-to-end Gmail encryption alone isn’t secure enough for an enterprise’s most sensitive and prized data, experts say.
darkreading – Read More
RSAC Unveils Keynote Speaker Slate for RSAC (TM) 2025 Conference
/in General NewsPost Content
darkreading – Read More
Port of Seattle says 90,000 people impacted in 2024 ransomware attack
/in General NewsThe organization that runs Seattle-Tacoma International Airport and several container terminals said it is sending breach notification letters to those affected by a ransomware attack, including about 71,000 people in Washington state.
The Record from Recorded Future News – Read More
Minnesota Tribe Struggles After Ransomware Attack
/in General NewsHotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.
darkreading – Read More
Top Crypto Wallets of 2025: Balancing Security and Convenience
/in General NewsCrypto software wallets are invincible in the micro range. If you own multiple crypto assets, you need safe and reliable wallets, too.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Call Records of Millions Exposed by Verizon App Vulnerability
/in General NewsA patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application.
The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns
/in General NewsHackers now use AI and botnets to launch powerful DDoS attacks, bypassing security and overwhelming servers as law enforcement struggles to keep up.
Security | TechRepublic – Read More
CISA Layoffs Are a Momentary Disruption, Not a Threat
/in General NewsLayoffs may cause short-term disruptions, but they don’t represent a catastrophic loss of cybersecurity capability — because the true cyber operations never resided solely within CISA to begin with.
darkreading – Read More