BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
Palo Alto Networks to Acquire AI Security Firm Protect AI
/in General NewsPalo Alto Networks is acquiring AI security company Protect AI in a deal previously estimated at $650-700 million.
The post Palo Alto Networks to Acquire AI Security Firm Protect AI appeared first on SecurityWeek.
SecurityWeek – Read More
NetFoundry Raises $12 Million for Network Security Solutions
/in General NewsZero-trust network security solutions provider NetFoundry has raised $12 million in funding from SYN Ventures.
The post NetFoundry Raises $12 Million for Network Security Solutions appeared first on SecurityWeek.
SecurityWeek – Read More
Veza Banks $108 Million Series D at $808 Million Valuation
/in General NewsSan Francisco identity security play Veza closes a Series D fund round led by New Enterprise Associates (NEA).
The post Veza Banks $108 Million Series D at $808 Million Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Citizen Lab say exiled Uyghur leaders targeted with Windows spyware
/in General NewsThe researchers said the attackers behind the campaign had “deep understanding of the target community.”
Security News | TechCrunch – Read More
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
/in General NewsThis tension between hard-edged risk realism and breathless AI evangelism sets an unmistakable tone for a bellwether conference where 40,000-plus gather to do business.
The post JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference appeared first on SecurityWeek.
SecurityWeek – Read More
AI, Automation, and Dark Web Fuel Evolving Threat Landscape
/in General NewsAttackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.
darkreading – Read More
Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites
/in General NewsThreat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek.
SecurityWeek – Read More
Ukrainian state and banking services restored after data center outage
/in General NewsA Ukrainian cloud provider said it had restored services after a power outage disrupted operations for customers including government agencies and major companies over the weekend.
The Record from Recorded Future News – Read More
Forget the Stack; Focus on Control
/in General NewsSecurity teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can’t be eliminated overnight, it can be managed.
darkreading – Read More
How Malwarebytes’ new security tools help stop online scams before it’s too late
/in General NewsOnline fraud is costing billions – but Malwarebytes’ new tools could be the secret weapon companies need to protect themselves and fight back.
Latest stories for ZDNET in Security – Read More