BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
macOS Users Warned of New Versions of ReaderUpdate Malware
/in General NewsmacOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek.
SecurityWeek – Read More
Crypto Heist Suspect “Wiz” Arrested After $243 Million Theft
/in General NewsVeer Chetal, known online as “Wiz” and one of the key suspects in the massive $243 million cryptocurrency heist, has been apprehended by U.S. Marshals.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Critical Next.js Vulnerability in Hacker Crosshairs
/in General NewsThreat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.
The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
/in General NewsThreat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security.
Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis.
Credential stuffing is a
The Hacker News – Read More
Public-Private Ops Net Big Wins Against African Cybercrime
/in General NewsThree cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.
darkreading – Read More
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
/in General NewsBroadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS).
“VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said in an
The Hacker News – Read More
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
/in General NewsGoogle has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.
The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo refers to a
The Hacker News – Read More
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
/in General NewsThe vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian.
The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek.
SecurityWeek – Read More
How to tell if your online accounts have been hacked
/in General NewsThis is a guide on how to check whether someone compromised your online accounts.
Security News | TechCrunch – Read More
After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot
/in General NewsMicrosoft is partnering with top firms to launch new AI security tools, boosting breach analysis, threat detection, and AI model protection across cloud platforms.
Security | TechRepublic – Read More