BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
The data collector said the stolen data includes Social Security numbers.
Source: Security News | TechCrunch
Zscaler Announces Deal to Acquire Red Canary
The August acquisition will bring together Red Canary’s extensive integration ecosystem with Zscaler’s cloud transaction data to deliver an AI-powered security operations platform.
Source: darkreading
Google warns of Vietnam-based hackers using bogus AI video generators to spread malware
Hackers likely based in Vietnam advertised websites offering AI-powered video generation tools, according to Google’s Mandiant unit, and then used the sites to spread infostealers and other malware.
Source: The Record from Recorded Future News
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
“Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server
Source: The Hacker News
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware.
The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in
Source: The Hacker News
OneDrive Gives Web Apps Full Read Access to All Files
Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload.
Source: SecurityWeek
Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities
Google and Mozilla released patches for Chrome and Firefox to address a total of 21 vulnerabilities between the two browsers, including three rated high severity.
Source: SecurityWeek
How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds
Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack.
Like Man-in-the-Middle (MitM) attacks, BitM sees criminals look to control the data flow between the victim’s computer and the target service, as
Source: The Hacker News
Vulnerabilities in CISA KEV Are Not Equally Critical: Report
A new report says organizations should always consider environmental context when assessing the impact of vulnerabilities in the CISA KEV catalog.
Source: SecurityWeek
The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw
Physicist Neil Johnson explores how fundamental laws of nature could explain why AI sometimes fails—and what to do about it.
Source: SecurityWeek