BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
/in General NewsMicrosoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
“Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on X.
“These enhanced features add to
The Hacker News – Read More
Shadow AI: How unapproved AI apps are compromising security, and what you can do about it
/in General NewsSecurity leaders and CISOs are discovering that a growing swarm of shadow AI apps has been compromising their networks for over a year.Read More
Security News | VentureBeat – Read More
Hackers Exploit Telegram API to Spread New Golang Backdoor
/in General NewsThe new Golang backdoor uses Telegram for command and control. Netskope discovers malware that exploits Telegram’s API for…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
10 Key SOC Challenges and How AI Addresses Them
/in General NewsSOC challenges like alert fatigue, skill shortages and slow response impact cybersecurity. AI-driven solutions enhance SOC efficiency, automation…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
New FinalDraft Malware Spotted in Espionage Campaign
/in General NewsA newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Replit and Anthropic’s AI just helped Zillow build production software—without a single engineer
/in General NewsReplit partners with Anthropic’s Claude and Google Cloud to enable non-programmers to build enterprise software, as Zillow and others deploy AI-generated applications at scale, signaling a shift in who can create valuable business software.Read More
Security News | VentureBeat – Read More
HashFlare Fraud: Two Estonians Admit to Running $577M Crypto Scam
/in General NewsTwo Estonian nationals plead guilty to a $577M cryptocurrency Ponzi scheme through HashFlare, defrauding hundreds of thousands globally.…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Russian State Hackers Target Organizations With Device Code Phishing
/in General NewsRussian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
SecurityWeek – Read More
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police
/in General NewsAfter governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
SecurityWeek – Read More
Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns
/in General NewsDeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.
The post Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.
SecurityWeek – Read More