BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure
/in General NewsCryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner.
The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.
SecurityWeek – Read More
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
/in General NewsQualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below –
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the Graphics
The Hacker News – Read More
Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently
/in General NewsChipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.”
The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first on SecurityWeek.
SecurityWeek – Read More
vBulletin Vulnerability Exploited in the Wild
/in General NewsExploitation of the vBulletin vulnerability tracked as CVE-2025-48827 and CVE-2025-48828 started shortly after disclosure.
The post vBulletin Vulnerability Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More
Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials
/in General NewsAmong all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Iranian Robbinhood Ransomware Operator Pleads Guilty in US City Attacks
/in General NewsIranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats
/in General NewsThe evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can
The Hacker News – Read More
Alleged Conti, TrickBot Gang Leader Unmasked
/in General NewsRussian national Vitaly Nikolaevich Kovalev is believed to be the leader of the Conti and TrickBot cybercrime groups.
The post Alleged Conti, TrickBot Gang Leader Unmasked appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome to Distrust Chunghwa Telecom and Netlock Certificates
/in General NewsPatterns of concerning behavior led Google to remove trust in certificates from Chunghwa Telecom and Netlock from Chrome.
The post Chrome to Distrust Chunghwa Telecom and Netlock Certificates appeared first on SecurityWeek.
SecurityWeek – Read More
Backdoors in Python and NPM Packages Target Windows and Linux
/in General NewsCheckmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More