BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
- Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
- Moukthar - Android Remote Administration Tool
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
18,000 Organizations Impacted by NTT Com Data Breach
/in General NewsNTT Communications Corporation has disclosed a data breach impacting the information of nearly 18,000 customer organizations.
The post 18,000 Organizations Impacted by NTT Com Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
FBI says scammers are targeting US executives with fake BianLian ransom notes
/in General NewsThe FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
/in General NewsA coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex (“garantex[.]org”), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022.
“The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney’s
The Hacker News – Read More
Medusa Ransomware Attacks Increase
/in General NewsThe number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year.
The post Medusa Ransomware Attacks Increase appeared first on SecurityWeek.
SecurityWeek – Read More
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
/in General NewsCybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries.
The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry.
“Disguised as a simple utility for Python
The Hacker News – Read More
Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets
/in General NewsMultiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.
The post Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets appeared first on SecurityWeek.
SecurityWeek – Read More
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
/in General NewsSafe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts.
The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to
The Hacker News – Read More
Intel Maps New vPro Chips to MITRE’s ATT&CK Framework
/in General NewsThe PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE’s ATT&CK.
darkreading – Read More
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
/in General NewsThreat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
“The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a technical
The Hacker News – Read More
Armis Acquires OTORIO to Expand OT Exposure Management Platform
/in General NewsArmis will integrate OTORIO’s Titan platform with its cloud-based Centrix, bringing an on-premise option to the cloud-only offering.
darkreading – Read More