BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Voltron Data just partnered with Accenture to solve one of AI’s biggest headaches
/in General NewsVoltron Data partners with Accenture to revolutionize enterprise data processing with GPU-powered analytics engine Theseus, promising up to 100x performance gains for AI-driven companies facing massive data challenges.Read More
Security News | VentureBeat – Read More
Google Ad-Tech Users Can Target National Security ‘Decision Makers’ and People With Chronic Diseases
/in General NewsGoogle enables marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of classified defense technology, a WIRED investigation has found.
Security Latest – Read More
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
/in General NewsA previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw
The Hacker News – Read More
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
/in General NewsProof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide
/in General NewsFBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Microsoft Patches Exploited Power Pages Vulnerability
/in General NewsMicrosoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her
/in General NewsBreeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.
Security Latest – Read More
‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
/in General NewsWith Version 3, would-be phishers can cut and paste a big brand’s URL into a template and let automation do the rest.
darkreading – Read More
Aqara’s first outdoor camera is this smart home enthusiast’s dream device – here’s why
/in General NewsCombining home security with hub capability, the Aqara Camera Hub G5 Pro also delivers AI-powered visual recognition features – all without a subscription.
Latest stories for ZDNET in Security – Read More
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
/in General NewsCitrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
The Hacker News – Read More