BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses
/in General NewsDeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights.
The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.
SecurityWeek – Read More
How an Interdiction Mindset Can Help Win War on Cyberattacks
/in General NewsThe US military and law enforcement learned to outthink insurgents. It’s time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.
darkreading – Read More
North Korean IT worker scam spreading to Europe after US law enforcement crackdown
/in General NewsNorth Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research.
The Record from Recorded Future News – Read More
KeePass Review (2025): Features, Pricing, and Security
/in General NewsWhile its downloadable plugins make it highly customizable, KeePass’ unintuitive interface holds it back from one of our top password manager picks.
Security | TechRepublic – Read More
Augment Code debuts AI agent with 70% win rate over GitHub Copilot and record-breaking SWE-bench score
/in General NewsAugment Code launches AI technology that outperforms GitHub Copilot by 70% through real-time context understanding of massive codebases, securing $270M funding and achieving the highest score on SWE-bench verified.Read More
Security News | VentureBeat – Read More
KeePass Review (2025): Features, Pricing, and Security
/in General NewsWhile its downloadable plugins make it highly customizable, KeePass’ unintuitive interface holds it back from one of our top password manager picks.
Security | TechRepublic – Read More
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
/in General NewsIntroduction
As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices.
For service providers, adhering to NIST
The Hacker News – Read More
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
/in General NewsNorth Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem.
The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Questions Remain Over Attacks Causing DrayTek Router Reboots
/in General NewsDrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered.
The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.
SecurityWeek – Read More
Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users
/in General NewsGmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox.
The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.
SecurityWeek – Read More