BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Singulr Launches With $10M in Funding for AI Security and Governance Platform
/in General NewsSingulr AI announced its launch with $10 million in seed funding raised for an enterprise AI security and governance platform.
The post Singulr Launches With $10M in Funding for AI Security and Governance Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Golang Backdoor Abuses Telegram for C&C Communication
/in General NewsA newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server.
The post Golang Backdoor Abuses Telegram for C&C Communication appeared first on SecurityWeek.
SecurityWeek – Read More
Debunking the AI Hype: Inside Real Hacker Tactics
/in General NewsIs AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
The Hacker News – Read More
Microsoft Warns of Improved XCSSET macOS Malware
/in General NewsMicrosoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.
The post Microsoft Warns of Improved XCSSET macOS Malware appeared first on SecurityWeek.
SecurityWeek – Read More
Palo Alto Networks Confirms Exploitation of Firewall Vulnerability
/in General NewsPalo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited.
The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation
/in General NewsIsraeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion.
The post Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
/in General NewsSecurity vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
“This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP
The Hacker News – Read More
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
/in General NewsCybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that’s capable of stealing sensitive payment information from online shopping sites. The attacks are known to
The Hacker News – Read More
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
/in General NewsResearchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Holiverse Makes NASA’s Latest Achievements Accessible to Everyone
/in General NewsPeople around the world learned about the latest advancements in the American space industry! This was made possible…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More