BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Secure Communications Evolve Beyond End-to-End Encryption
/in General NewsSignal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
darkreading – Read More
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
/in General NewsA critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Confirms Cloud Hack
/in General NewsOracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Have We Reached a Distroless Tipping Point?
/in General NewsThere’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world’s attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation’s potential. These use cases generate significant value, fueling demand for the next iteration of
The Hacker News – Read More
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
/in General NewsEvidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds
/in General NewsThe attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. “Europe needs to wake up fast,” according to Google’s Jamie Collier.
Security | TechRepublic – Read More
Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’
/in General NewsWhile the latest iteration of Qwen2.5-Max outperforms DeepSeek-V3 on security, the AI model lags behind its competition in several other areas.
Security | TechRepublic – Read More
Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option
/in General NewsMicrosoft is killing the Windows 11 bypass trick — soon, all setups will require internet and a Microsoft Account, leaving privacy-conscious users with fewer options.
Security | TechRepublic – Read More
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
/in General NewsIvanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.
“A stack-based buffer overflow in Ivanti Connect
The Hacker News – Read More
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
/in General NewsA maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.
Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance
The Hacker News – Read More