BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
/in General NewsA multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in
The Hacker News – Read More
‘Earth Lamia’ Exploits Known SQL, RCE Bugs Across Asia
/in General NewsA “highly active” Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
darkreading – Read More
FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams
/in General NewsThe US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually.
darkreading – Read More
A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign
/in General NewsPlus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.
Security Latest – Read More
Hospitals in Maine, New Hampshire limit services after cyberattack on Catholic health org
/in General NewsThree hospitals run by Catholic healthcare organization Covenant Health are dealing with a cyberattack that forced the facilities to shut off all access to data systems.
The Record from Recorded Future News – Read More
Senators call on Trump admin to reinstate cyber review board for Salt Typhoon investigation
/in General NewsSeveral Senate Democrats called on Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB) so it could continue looking into China-linked hacks.
The Record from Recorded Future News – Read More
White House investigating how Trump’s chief of staff’s phone was hacked
/in General NewsHackers reportedly accessed Wiles’ phone contacts, which were used to impersonate her.
Security News | TechCrunch – Read More
Is T-Mobile secretly recording your phone’s screen? How to check and turn it off
/in General NewsA new feature has customers worried, but T-Mobile says it’s meant to be helpful. Either way, you can disable it. Here’s how.
Latest stories for ZDNET in Security – Read More
US Sanctions Philippine Company for Supporting Crypto Scams
/in General NewsThe US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.
The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns
/in General NewsSecurity researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.
The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.
SecurityWeek – Read More