BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
‘Lucid’ Phishing-as-a-Service Exploits Faults in iMessage, Android RCS
/in General NewsCybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.
darkreading – Read More
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
/in General NewsThe threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.
“In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
The Hacker News – Read More
Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
/in General NewsProduction line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.
The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.
SecurityWeek – Read More
SplxAI Raises $7 Million for AI Security Platform
/in General NewsSplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.
The post SplxAI Raises $7 Million for AI Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest
/in General NewsA new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.
The post New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest appeared first on SecurityWeek.
SecurityWeek – Read More
macOS Users Warned of New Versions of ReaderUpdate Malware
/in General NewsmacOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek.
SecurityWeek – Read More
Crypto Heist Suspect “Wiz” Arrested After $243 Million Theft
/in General NewsVeer Chetal, known online as “Wiz” and one of the key suspects in the massive $243 million cryptocurrency heist, has been apprehended by U.S. Marshals.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Critical Next.js Vulnerability in Hacker Crosshairs
/in General NewsThreat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.
The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
/in General NewsThreat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security.
Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis.
Credential stuffing is a
The Hacker News – Read More
Public-Private Ops Net Big Wins Against African Cybercrime
/in General NewsThree cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.
darkreading – Read More