BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
/in General NewsProof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide
/in General NewsFBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Microsoft Patches Exploited Power Pages Vulnerability
/in General NewsMicrosoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her
/in General NewsBreeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.
Security Latest – Read More
‘Darcula’ Phishing Kit Can Now Impersonate Any Brand
/in General NewsWith Version 3, would-be phishers can cut and paste a big brand’s URL into a template and let automation do the rest.
darkreading – Read More
Aqara’s first outdoor camera is this smart home enthusiast’s dream device – here’s why
/in General NewsCombining home security with hub capability, the Aqara Camera Hub G5 Pro also delivers AI-powered visual recognition features – all without a subscription.
Latest stories for ZDNET in Security – Read More
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
/in General NewsCitrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
The Hacker News – Read More
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
/in General NewsMicrosoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
”
The Hacker News – Read More
DOGE Now Has Access to the Top US Cybersecurity Agency
/in General NewsDOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.
Security Latest – Read More
Australian Critical Infrastructure Faces ‘Acute’ Foreign Threats
/in General NewsThe continent faces “relentless” military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.
darkreading – Read More