BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
/in General NewsYouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.
“What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and
The Hacker News – Read More
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems
/in General NewsThreat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell
/in General NewsA Joni Mitchell song from the 1960s can teach us a lot about securing hybrid and multi-cloud environments.
The post Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell appeared first on SecurityWeek.
SecurityWeek – Read More
Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe
/in General NewsA new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Are We Closing the Gender Gap in Cybersecurity?
/in General NewsAnswer: Nope. But let’s look at the trends — because they matter for security.
darkreading – Read More
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
/in General NewsVeeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution.
The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds.
“A vulnerability allowing remote code execution (RCE) by authenticated domain users,” the
The Hacker News – Read More
Veeam Patches Critical Vulnerability in Backup & Replication
/in General NewsVeeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication.
The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.
SecurityWeek – Read More
500,000 Impacted by Pennsylvania Teachers Union Data Breach
/in General NewsPennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach.
The post 500,000 Impacted by Pennsylvania Teachers Union Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Mobile Jailbreaks Exponentially Increase Corporate Risk
/in General NewsBoth Android devices and iPhones are 3.5 times more likely to be infected with malware once “broken” and 250 times more likely to be totally compromised, recent research shows.
darkreading – Read More
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
/in General NewsThe governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.
Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that’s capable of harvesting sensitive data from instant messaging applications
The Hacker News – Read More