BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Palo Alto Networks Confirms Exploitation of Firewall Vulnerability
/in General NewsPalo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited.
The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation
/in General NewsIsraeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion.
The post Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
/in General NewsSecurity vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
“This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP
The Hacker News – Read More
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
/in General NewsCybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that’s capable of stealing sensitive payment information from online shopping sites. The attacks are known to
The Hacker News – Read More
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
/in General NewsResearchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Holiverse Makes NASA’s Latest Achievements Accessible to Everyone
/in General NewsPeople around the world learned about the latest advancements in the American space industry! This was made possible…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
/in General NewsMicrosoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
“Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,” the Microsoft Threat Intelligence team said in a post shared on X.
“These enhanced features add to
The Hacker News – Read More
Shadow AI: How unapproved AI apps are compromising security, and what you can do about it
/in General NewsSecurity leaders and CISOs are discovering that a growing swarm of shadow AI apps has been compromising their networks for over a year.Read More
Security News | VentureBeat – Read More
Hackers Exploit Telegram API to Spread New Golang Backdoor
/in General NewsThe new Golang backdoor uses Telegram for command and control. Netskope discovers malware that exploits Telegram’s API for…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
10 Key SOC Challenges and How AI Addresses Them
/in General NewsSOC challenges like alert fatigue, skill shortages and slow response impact cybersecurity. AI-driven solutions enhance SOC efficiency, automation…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More