BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
Exploit DB
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
African Telecom Giant MTN Group Discloses Data Breach
/in General NewsMTN Group says the personal information of certain customers was compromised in a cybersecurity incident.
The post African Telecom Giant MTN Group Discloses Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
/in General NewsCybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead.
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running
The Hacker News – Read More
Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack
/in General NewsOregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.
The post Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
/in General NewsThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.
The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities –
CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP
The Hacker News – Read More
4chan is back online, says it’s been ‘starved of money’
/in General News4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was […]
Security News | TechCrunch – Read More
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
/in General NewsMicrosoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
“The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors,” the Microsoft Threat Intelligence team said in an analysis.
The tech giant noted that
The Hacker News – Read More
Government officials are kind of bad at the internet
/in General NewsPerhaps no one in the world has made such catastrophic tech flubs this year as U.S. Secretary of Defense Pete Hegseth. The saga started when the editor-in-chief of The Atlantic, Jeffrey Goldberg, reported that he had been mistakenly added to an unauthorized Signal group chat by U.S. National Security Advisor Michael Waltz, where numerous high-ranking […]
Security News | TechCrunch – Read More
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now
/in General NewsImmersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
/in General NewsA critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cynomi Raises $37 Million Series B to Expand Its vCISO Platform
/in General NewsCynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
The post Cynomi Raises $37 Million Series B to Expand Its vCISO Platform appeared first on SecurityWeek.
SecurityWeek – Read More