BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Look, no patches! Why Chainguard OS might be the most secure Linux ever
/in General NewsA secure container company listens to several top Linux maintainers on how to build the most secure Linux distro possible. The result: Chainguard OS.
Latest stories for ZDNET in Security – Read More
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
/in General NewsMicrosoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.
“These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with The
The Hacker News – Read More
US, Australia, Canada warn of ‘fast flux’ scheme used by ransomware gangs
/in General NewsRansomware gangs and Russian government hackers are increasingly turning to an old tactic called “fast flux” to hide the location of infrastructure used in cyberattacks.
The Record from Recorded Future News – Read More
Hacker Claims Twilio’s SendGrid Data Breach, Selling 848,000 Records
/in General NewsA hacker, previously linked to the Tracelo breach, now claims to have breached Twilio’s SendGrid, leaking and selling data on 848,000 customers, including contact and company info.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
/in General NewsIvanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.
The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek.
SecurityWeek – Read More
This sneaky Android spyware needs a password to uninstall. Here’s how to remove it without one.
/in General NewsA simple trick can remove malicious Android spyware apps that require a password to uninstall.
Security News | TechCrunch – Read More
Halo ITSM Vulnerability Exposed Organizations to Remote Hacking
/in General NewsAn unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores
/in General NewsCybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance
/in General NewsJacksonville, United States, 3rd April 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Payment Fraud Detection and Prevention: Here’s All To Know
/in General NewsHere are the most common and latest advancements in payment fraud strategies and payment fraud prevention tools for protecting your business.
Security | TechRepublic – Read More