BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Cybersecurity Gaps Leave Doors Wide Open
/in General NewsAttackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.
darkreading – Read More
Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats
/in General NewsCybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
OpenAI Offering $100K Bounties for Critical Vulnerabilities
/in General NewsOpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products.
The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
SignalGate Isn’t About Signal
/in General NewsThe Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.
Security Latest – Read More
Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
/in General NewsCVE-2025-22230 is described as an “authentication bypass vulnerability” by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.
Security | TechRepublic – Read More
5 best Linux distros for staying anonymous – when a VPN isn’t enough
/in General NewsNeed serious privacy on a regular basis? Work with these distributions, and you’ll leave no trace. There’s even a Windows and MacOS option.
Latest stories for ZDNET in Security – Read More
Leaked data exposes a Chinese AI censorship machine
/in General NewsOne academic who reviewed the dataset said it was “clear evidence” that China, or its affiliates, wants to use AI to improve repression.
Security News | TechCrunch – Read More
New npm Malware Attack Infects Popular Ethereum Library with Backdoor
/in General NewsSecurity researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
/in General NewsExploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub)
The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek.
SecurityWeek – Read More
Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list says yes
/in General NewsThe proliferation of scarily realistic deepfakes is one of the more pernicious byproducts of the rise of AI, and falling victim to scams based on these deepfakes is already costing companies millions of dollars — not to mention the implications these could have on national security. A startup that’s built a toolset aimed at governments […]
Security News | TechCrunch – Read More