BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
/in General NewsWhether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why
The Hacker News – Read More
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit
/in General NewsT-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.
The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek.
SecurityWeek – Read More
Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration
/in General NewsCybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
AI Security Firm Straiker Emerges From Stealth With $21M in Funding
/in General NewsStraiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications.
The post AI Security Firm Straiker Emerges From Stealth With $21M in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
More Solar System Vulnerabilities Expose Power Grids to Hacking
/in General NewsForescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.
The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
High-Severity Cloud Security Alerts Tripled in 2024
/in General NewsAttackers aren’t just spending more time targeting the cloud — they’re ruthlessly stealing more sensitive data and accessing more critical systems than ever before.
darkreading – Read More
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
/in General NewsHackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system.
Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them.
1.
The Hacker News – Read More
Which Top Cybersecurity Role of 2024 Was Featured in 64,000+ Job Postings?
/in General NewsIT and security workforce management firm CyberSN surveyed job listings from 2022 to 2024. Yes, decreases in demand for some job titles may be related to AI.
Security | TechRepublic – Read More
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
/in General NewsAn ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
“The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu
The Hacker News – Read More
NHS vendor Advanced to pay £3M fine following 2022 ransomware attack
/in General NewsNHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed. It’s half the fine that the Information Commissioner’s Office had initially sought in August 2024, when the data watchdog said it […]
Security News | TechCrunch – Read More