BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list says yes
/in General NewsThe proliferation of scarily realistic deepfakes is one of the more pernicious byproducts of the rise of AI, and falling victim to scams based on these deepfakes is already costing companies millions of dollars — not to mention the implications these could have on national security. A startup that’s built a toolset aimed at governments […]
Security News | TechCrunch – Read More
Next.js Middleware Flaw Lets Attackers Bypass Authorization
/in General NewsResearchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
AMTSO Releases Sandbox Evaluation Framework
/in General NewsAMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.
The post AMTSO Releases Sandbox Evaluation Framework appeared first on SecurityWeek.
SecurityWeek – Read More
Groq and PlayAI just made voice AI sound way more human — here’s how
/in General NewsGroq partners with PlayAI to deliver Dialog, an emotionally intelligent text-to-speech model that runs 10x faster than real-time speech, including the Middle East’s first Arabic voice AI model.Read More
Security News | VentureBeat – Read More
Island Banks $250M Series E for Enterprise Browser
/in General NewsThe late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million.
The post Island Banks $250M Series E for Enterprise Browser appeared first on SecurityWeek.
SecurityWeek – Read More
Beyond STIX: Next-Level Cyber-Threat Intelligence
/in General NewsWhile industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats.
darkreading – Read More
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
/in General NewsThe Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.
The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.
RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
The Hacker News – Read More
‘Lucid’ Phishing-as-a-Service Exploits Faults in iMessage, Android RCS
/in General NewsCybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.
darkreading – Read More
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
/in General NewsThe threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.
“In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
The Hacker News – Read More
Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
/in General NewsProduction line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.
The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.
SecurityWeek – Read More