BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
/in General NewsA coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex (“garantex[.]org”), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022.
“The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney’s
The Hacker News – Read More
Medusa Ransomware Attacks Increase
/in General NewsThe number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year.
The post Medusa Ransomware Attacks Increase appeared first on SecurityWeek.
SecurityWeek – Read More
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
/in General NewsCybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries.
The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry.
“Disguised as a simple utility for Python
The Hacker News – Read More
Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets
/in General NewsMultiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.
The post Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets appeared first on SecurityWeek.
SecurityWeek – Read More
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
/in General NewsSafe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts.
The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to
The Hacker News – Read More
Intel Maps New vPro Chips to MITRE’s ATT&CK Framework
/in General NewsThe PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE’s ATT&CK.
darkreading – Read More
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
/in General NewsThreat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
“The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a technical
The Hacker News – Read More
Armis Acquires OTORIO to Expand OT Exposure Management Platform
/in General NewsArmis will integrate OTORIO’s Titan platform with its cloud-based Centrix, bringing an on-premise option to the cloud-only offering.
darkreading – Read More
CISA, FBI warn of BianLian mail scam targeting executives with $500k ransom note
/in General NewsIn an alert on Thursday, the FBI said scammers are mailing letters to corporate executives claiming that they stole sensitive data and will publish it unless a demand is paid in Bitcoin.
The Record from Recorded Future News – Read More
Why 1Password’s new location feature is so handy – and how to try it for free
/in General NewsWherever you are – airport, hotel, doctor’s office – this top-rated password manager can now surface the passwords most relevant to your location.
Latest stories for ZDNET in Security – Read More