BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Why Scamming Can’t Be Stopped—But It Can Be Managed
/in General NewsWith crime-as-a-service lowering the barrier to entry and prosecution lagging behind, enterprise security teams must rethink their strategies to detect and disrupt scams at scale.
The post Why Scamming Can’t Be Stopped—But It Can Be Managed appeared first on SecurityWeek.
SecurityWeek – Read More
1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking
/in General NewsA critical command execution vulnerability has been found by a researcher in Instantel Micromate monitoring units.
The post 1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
MainStreet Bank Data Breach Impacts Customer Payment Cards
/in General NewsThe incident occurred in March and impacted the personally identifiable information of approximately 4.65% of MainStreet Bancshares’ customers.
The post MainStreet Bank Data Breach Impacts Customer Payment Cards appeared first on SecurityWeek.
SecurityWeek – Read More
Wyze’s new Bulb Cam turns any light socket into a 2K camera – for just $50
/in General NewsThe new Wyze Bulb Cam replaces light bulbs and offers extra security coverage built into a motion-activated smart light.
Latest stories for ZDNET in Security – Read More
Europol Targets Over 2,000 Extremist Links Exploiting Minors Online
/in General NewsEuropol targets extremist online content exploiting minors, tackling rising use of AI, propaganda, and grooming across Europe’s digital platforms.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
/in General NewsIn the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.
This coverage is extremely valuable for the cybersecurity community as it raises
The Hacker News – Read More
Over 30 Vulnerabilities Patched in Android
/in General NewsThe latest Android updates fix vulnerabilities in Runtime, Framework, System, and third-party components of the mobile OS.
The post Over 30 Vulnerabilities Patched in Android appeared first on SecurityWeek.
SecurityWeek – Read More
Australia Enforces Ransomware Payment Reporting
/in General NewsCovered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days.
The post Australia Enforces Ransomware Payment Reporting appeared first on SecurityWeek.
SecurityWeek – Read More
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
/in General NewsA growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s contacts list.
“Recent
The Hacker News – Read More
Google Researchers Find New Chrome Zero-Day
/in General NewsReported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.
The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More