BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
/in General NewsCybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey.
“Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,”
The Hacker News – Read More
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
/in General NewsPalo Alto, USA, 29th March 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
/in General NewsIn what’s an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
The Hacker News – Read More
Evilginx Tool (Still) Bypasses MFA
/in General NewsBased on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
darkreading – Read More
New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands
/in General NewsA recent analysis published by Infoblox reveals a sophisticated phishing operation, dubbed Morphing Meerkat, actively exploiting DNS vulnerabilities…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Oracle Still Denies Breach as Researchers Persist
/in General NewsEvidence suggests an attacker gained access to the company’s cloud infrastructure environment, but Oracle insists that didn’t happen.
darkreading – Read More
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market
/in General NewsPost Content
darkreading – Read More
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations
/in General NewsPost Content
darkreading – Read More
How to Implement CMMS Software in Your Organization
/in General NewsLet’s face it: Rolling out new software across an entire organization can feel like herding cats. Between data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Again and again, NSO Group’s customers keep getting their spyware operations caught
/in General NewsDespite the stealthy nature of spyware, security researchers keep detecting Pegasus spyware attacks in part because of sloppy ‘operational security.’
Security News | TechCrunch – Read More