BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
/in General NewsShifting to a RaaS business model has accelerated the group’s growth, and targeting critical industries like healthcare, legal, and manufacturing hasn’t hurt either.
darkreading – Read More
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
/in General NewsNoteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command.
The post In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals are trying to loot Australian pension accounts in new campaign
/in General NewsHackers over the weekend targeted Australian superannuation funds — investment accounts into which portions of employees’ wages are compulsorily placed.
The Record from Recorded Future News – Read More
Russia jails hacker for two years over cyberattack on local tech company
/in General NewsA Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company.
The Record from Recorded Future News – Read More
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
/in General NewsThe State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.
The post State Bar of Texas Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Trump fires head of National Security Agency and Cyber Command
/in General NewsHaugh’s firing has seemingly caught senior lawmakers by surprise
Security News | TechCrunch – Read More
Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering
/in General NewsTwo U.S. senators reintroduced legislation on Thursday that would address limits on the ability of the Secret Service to investigate efforts to launder money made through cybercrime.
The Record from Recorded Future News – Read More
Secure Communications Evolve Beyond End-to-End Encryption
/in General NewsSignal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
darkreading – Read More
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
/in General NewsA critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Confirms Cloud Hack
/in General NewsOracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
SecurityWeek – Read More