BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability
/in General NewsProfessional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans.
The post GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Our favorite budget video doorbell gets an upgrade – see what’s new with Amazon’s Blink
/in General NewsThe second-generation Blink Video Doorbell delivers a wider field of view, enhanced night vision, upgraded person detection, and more.
Latest stories for ZDNET in Security – Read More
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
/in General NewsPALO ALTO, California, 29th May 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Malware Spotted Corrupts Its Own Headers to Block Analysis
/in General NewsFortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Victoria’s Secret Website Taken Offline After Cyberattack
/in General NewsWebsite remains offline following suspected cyber incident, as experts warn of escalating threats targeting major retailers
The post Victoria’s Secret Website Taken Offline After Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Adidas Data Breach Linked to Third-Party Vendor
/in General NewsAdidas said hackers accessed a “third-party customer service provider” and stole customer information.
The post Adidas Data Breach Linked to Third-Party Vendor appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management
/in General NewsJoin the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.
The post Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.
SecurityWeek – Read More
The US Is Storing Migrant Children’s DNA in a Criminal Database
/in General NewsCustoms and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.
Security Latest – Read More
‘Haozi’ Gang Sells Turnkey Phishing Tools to Amateurs
/in General NewsThe phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.
darkreading – Read More
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
/in General NewsAgentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
The post Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025 appeared first on SecurityWeek.
SecurityWeek – Read More