BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
/in General NewsA critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cynomi Raises $37 Million Series B to Expand Its vCISO Platform
/in General NewsCynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
The post Cynomi Raises $37 Million Series B to Expand Its vCISO Platform appeared first on SecurityWeek.
SecurityWeek – Read More
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
/in General NewsCybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
“LAGTOY can be
The Hacker News – Read More
Pete Hegseth’s Signal Scandal Spirals Out of Control
/in General NewsPlus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.
Security Latest – Read More
If we want a passwordless future, let’s get our passkey story straight
/in General NewsPasswords and passkeys each involve a secret. The critical difference: How that secret gets handled.
Latest stories for ZDNET in Security – Read More
Browser Security Firm SquareX Raises $20 Million
/in General NewsSquareX offers what it has dubbed a “Browser Detection and Response (BDR)” solution.
The post Browser Security Firm SquareX Raises $20 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Commvault Flaw Allows Full System Takeover – Update NOW
/in General NewsEnterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Why Developers Should Care About Generative AI (Even They Aren’t AI Expert)
/in General NewsSoftware development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Mobile Applications: A Cesspool of Security Issues
/in General NewsAn analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
darkreading – Read More
Largest telecom in Africa warns of cyber incident exposing customer data
/in General NewsMTN Group said an “unknown third-party has claimed to have accessed data linked” to parts of its system and that the incident “resulted in unauthorised access to personal information of some MTN customers in certain markets.”
The Record from Recorded Future News – Read More