BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
How Organizations Can Leverage Cyber Insurance Effectively
/in General NewsBy focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks.
darkreading – Read More
Vehicles Face 45% More Attacks, 4 Times More Hackers
/in General NewsTwo kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.
darkreading – Read More
Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy
/in General NewsWith over 12,000 breaches analyzed, this year’s DBIR reveals a landscape shaped by not just individual threats, but by entire economies of compromise.
The post Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy appeared first on SecurityWeek.
SecurityWeek – Read More
Data breach at Connecticut’s Yale New Haven Health affects over 5 million
/in General NewsYale New Haven Health is Connecticut’s largest healthcare provider.
Security News | TechCrunch – Read More
South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days
/in General NewsMultiple South Korean organizations across industries have been targeted in a recent Lazarus campaign dubbed Operation SyncHole.
The post South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet
/in General NewsNoteworthy stories that might have slipped under the radar: former Disney employee sent to prison for hacking, MITRE releases ATT&CK v17, DDoS botnet powered by 1.3 million devices.
The post In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet appeared first on SecurityWeek.
SecurityWeek – Read More
How to prevent your streaming device from tracking your viewing habits (and why it makes a difference)
/in General NewsYour Fire Stick, Roku, and other streaming devices collect your personal data for various reasons. If you’re uncomfortable with that, here’s how to get peace of mind.
Latest stories for ZDNET in Security – Read More
SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers
/in General NewsThreat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.
“The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this week.
The cybersecurity
The Hacker News – Read More
Why NHIs Are Security’s Most Dangerous Blind Spot
/in General NewsWhen we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).
At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
The Hacker News – Read More
RSA Conference 2025 – Pre-Event Announcements Summary (Part 2)
/in General NewsHundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 2) appeared first on SecurityWeek.
SecurityWeek – Read More