BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Belarusian hackers taunt Kaspersky over report detailing their attacks
/in General NewsA recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.
The Record from Recorded Future News – Read More
Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
/in General NewsCitizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.
The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.
SecurityWeek – Read More
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
/in General NewsCybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change.
“The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
The Hacker News – Read More
The AI Arms Race: Deepfake Generation vs. Detection
/in General NewsAI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.
The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.
SecurityWeek – Read More
The $200,000 Zoom call
/in General NewsA crypto CEO shared his screen. What happened next unraveled his digital life.
The Record from Recorded Future News – Read More
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
/in General NewsAI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention.
Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.
And here’s
The Hacker News – Read More
Ransomware attack on ticketing platform upends South Korean entertainment industry
/in General NewsYes24, a South Korean ticketing platform and online bookseller, has been disrupted for days after a ransomware attack, with effects rippling into K-pop concerts, theater performances and more.
The Record from Recorded Future News – Read More
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
/in General NewsThe new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.
The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.
SecurityWeek – Read More
Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior
/in General NewsHirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.
The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.
SecurityWeek – Read More
EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
/in General NewsAim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More