BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison
/in General NewsVyacheslav Igorevich Penchukov, a Ukrainian cybercriminal, pleaded guilty to leading the Zeus and IcedID malware groups, involved in stealing millions of dollars and attacking a major hospital with ransomware.
Cyware News – Latest Cyber News – Read More
Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP
/in General NewsOne of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure.
darkreading – Read More
Permit.io Raises $8 Million for Authorization Platform
/in General NewsTel Aviv startup raises $8 million in Series A funding to help developers add secure access approval flows to applications.
The post Permit.io Raises $8 Million for Authorization Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
/in General NewsMultiple security flaws, including actively exploited vulnerabilities and weaknesses in the Integrity Checker Tool, have been discovered, highlighting the need for enhanced visibility and validation of digital supply chains in enterprise products.
Cyware News – Latest Cyber News – Read More
US State Department Puts $10M Bounty on ALPHV Ransomware Group
/in General NewsThe US State Department has announced a reward of up to $10 million for information on the leaders of the AlphV ransomware group, with an additional $5 million for details leading to the arrest of those involved in attacks.
Cyware News – Latest Cyber News – Read More
Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks
/in General NewsThree vulnerabilities in CU Solutions Group CMS exposed 275 credit unions to credential theft, account takeover.
The post Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Unprotected Cloud Database Exposed Over 384 Million Records Including Sensitive Logs and Customer Data
/in General NewsA massive database leak from Zenlayer, a global network service provider, exposed 384,658,212 records, including sensitive customer data and internal operations logs, without basic password protection.
Cyware News – Latest Cyber News – Read More
Critical Software Vulnerabilities Impacting Credit Unions Discovered
/in General NewsOrganizations using versions prior to v7.75 of the web application are urged to upgrade, and all organizations using this CMS should enable multi-factor authentication immediately to prevent potential breaches.
Cyware News – Latest Cyber News – Read More
US Disrupts Russian Military Intelligence Botnet
/in General NewsU.S. law enforcement disrupted a criminal botnet, “Moobot,” which Russian military hackers had repurposed for global cyberespionage, leading to the FBI obtaining a warrant to modify infected routers and shut down the botnet.
Cyware News – Latest Cyber News – Read More
Newly Emerged JKwerlo Ransomware Targets Victims in France and Spain
/in General NewsJKwerlo’s utilization of lateral movement techniques and exploitation of legitimate services like Dropbox and GitHub highlight its capability to spread across networks and evade traditional security measures.
Cyware News – Latest Cyber News – Read More