BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe
/in General NewsA new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Are We Closing the Gender Gap in Cybersecurity?
/in General NewsAnswer: Nope. But let’s look at the trends — because they matter for security.
darkreading – Read More
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
/in General NewsVeeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution.
The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds.
“A vulnerability allowing remote code execution (RCE) by authenticated domain users,” the
The Hacker News – Read More
Veeam Patches Critical Vulnerability in Backup & Replication
/in General NewsVeeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication.
The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.
SecurityWeek – Read More
500,000 Impacted by Pennsylvania Teachers Union Data Breach
/in General NewsPennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach.
The post 500,000 Impacted by Pennsylvania Teachers Union Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Mobile Jailbreaks Exponentially Increase Corporate Risk
/in General NewsBoth Android devices and iPhones are 3.5 times more likely to be infected with malware once “broken” and 250 times more likely to be totally compromised, recent research shows.
darkreading – Read More
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
/in General NewsThe governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.
Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that’s capable of harvesting sensitive data from instant messaging applications
The Hacker News – Read More
Hackers Target Cisco Smart Licensing Utility Vulnerabilities
/in General NewsSANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Amazon Ends Little-Used Privacy Feature That Let Echo Users Opt Out of Sending Recordings to Company
/in General NewsAmazon is ending a little-used privacy feature that let some users of its Echo smart speaker prevent their voice commands from going to the company’s cloud.
The post Amazon Ends Little-Used Privacy Feature That Let Echo Users Opt Out of Sending Recordings to Company appeared first on SecurityWeek.
SecurityWeek – Read More
300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads
/in General NewsOver 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.
The post 300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads appeared first on SecurityWeek.
SecurityWeek – Read More