BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
Exploit DB
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
/in General NewsThe phishing campaign is highly sophisticated!
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
New Issuance Requirements Improve HTTPS Certificate Validation
/in General NewsHTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation.
The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.
SecurityWeek – Read More
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe
/in General NewsThe Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.
SecurityWeek – Read More
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
/in General NewsLong gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
The Hacker News – Read More
Morphing Meerkat Phishing Kits Target Over 100 Brands
/in General NewsA threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.
The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.
SecurityWeek – Read More
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
/in General NewsFirefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.
SecurityWeek – Read More
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
/in General NewsAn Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
“PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices,” Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first
The Hacker News – Read More
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
/in General NewsCybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
“Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers,” Sonatype researcher Ax Sharma said. “However, […] the latest
The Hacker News – Read More
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
/in General NewsMozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“Following the recent Chrome sandbox escape (
The Hacker News – Read More
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
/in General NewsThe Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
darkreading – Read More