BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Technical Details Published for Critical Cisco IOS XE Vulnerability
/in General NewsThe critical flaw, tracked as CVE-2025-20188 (CVSS score of 10/10), allows attackers to execute arbitrary code remotely.
The post Technical Details Published for Critical Cisco IOS XE Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
US Government Is Investigating Messages Impersonating Trump’s Chief of Staff, Susie Wiles
/in General NewsElected officials, business executives and other prominent figures in recent weeks received messages from someone impersonating Susie Wiles.
The post US Government Is Investigating Messages Impersonating Trump’s Chief of Staff, Susie Wiles appeared first on SecurityWeek.
SecurityWeek – Read More
Counter Antivirus Service AVCheck Shut Down by Law Enforcement
/in General NewsCounter antivirus services such as AVCheck allow cybercriminals to test whether their malware is detected by antivirus products.
The post Counter Antivirus Service AVCheck Shut Down by Law Enforcement appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked
/in General NewsNoteworthy stories that might have slipped under the radar: simple PoC code released for Fortinet zero-day, OpenAI O3 disobeys shutdown orders, source code of SilverRAT emerges online.
The post In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked appeared first on SecurityWeek.
SecurityWeek – Read More
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
/in General NewsCybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia.
“In what appears to be a multi-stage phishing operation, the attackers
The Hacker News – Read More
Flowable’s Smart Automation Tools Are Reshaping How Enterprises Operate in 2025
/in General NewsAs more businesses face pressure to do more with fewer resources, automation platforms like Flowable are becoming central…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
When your LLM calls the cops: Claude 4’s whistle-blow and the new agentic AI risk stack
/in General NewsClaude 4’s “whistle-blow” surprise shows why agentic AI risk lives in prompts and tool access, not benchmarks. Learn the 6 controls every enterprise must adopt.Read More
Security News | VentureBeat – Read More
Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks
/in General NewsQuorum Cyber identifies two new NodeSnake RAT variants, strongly attributed to Interlock ransomware, impacting UK higher education and local government.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
/in General NewsTwo information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like
The Hacker News – Read More
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
/in General NewsA multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in
The Hacker News – Read More