BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
/in General NewsA new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.
“Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in a report shared with The
The Hacker News – Read More
Charm Security Emerges From Stealth With $8 Million in Funding
/in General NewsCharm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention.
The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Auto Draft
/in General NewsPost Content
techsplicer – Read More
Numotion Data Breach Impacts Nearly 500,000 People
/in General NewsEmail-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals.
The post Numotion Data Breach Impacts Nearly 500,000 People appeared first on SecurityWeek.
SecurityWeek – Read More
CYREBRO Recognized in Gartner Emerging Tech Report for Detection and Response Startups
/in General NewsRamat Gan, Israel, 25th March 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Security teams can respond 80% faster to events with Cyberhaven’s AI-powered data lineage tools
/in General NewsThe security platform built specific large lineage models (LLiMs) to track data lifecycles across users and endpoints and detect shadow AI.Read More
Security News | VentureBeat – Read More
Chinese APT Weaver Ant Targeting Telecom Providers in Asia
/in General NewsWeaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.
The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
/in General NewsThreats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort.
The post Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs appeared first on SecurityWeek.
SecurityWeek – Read More
Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates
/in General NewsCybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking
/in General NewsCritical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes.
The post IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking appeared first on SecurityWeek.
SecurityWeek – Read More