BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
Russia tightens cybersecurity measures as financial fraud hits record high
/in General NewsVladimir Putin signed a law on Monday that prohibits state institutions, banks and others from using foreign messaging apps when communicating with customers.
The Record from Recorded Future News – Read More
Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals
/in General NewsGreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances.
The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.
SecurityWeek – Read More
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
/in General NewsA new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.
Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.
“Its scalable,
The Hacker News – Read More
UK sets out new cyber reporting requirements for critical infrastructure
/in General NewsThe belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.
The Record from Recorded Future News – Read More
Windows 11 PC won’t boot? Microsoft’s new tool tries to fix it before you even panic – here’s how
/in General NewsNow available to Windows Insiders, Windows 11 is getting a secret weapon for boot failures called Quick Machine Recovery – and it works automatically.
Latest stories for ZDNET in Security – Read More
Google ‘ImageRunner’ Bug Enabled Privilege Escalation
/in General NewsTenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.
darkreading – Read More
FDA’s Critical Role in Keeping Medical Devices Secure
/in General NewsThe FDA’s regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered.
darkreading – Read More
Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation
/in General NewsReliaQuest has announced a new growth funding round that brings the total raised by the firm to over $830 million.
The post Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Group Takes Credit for National Presto Industries Attack
/in General NewsA ransomware group has claimed responsibility for a March cyberattack on National Presto Industries subsidiary National Defense Corporation.
The post Ransomware Group Takes Credit for National Presto Industries Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Google says easy email encryption is on the way – for some users
/in General NewsSending encrypted emails today involves a nightmare of certificates and administrative headaches. Google says it’s ready to make things easier.
Latest stories for ZDNET in Security – Read More