BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
New FinalDraft Malware Spotted in Espionage Campaign
/in General NewsA newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Replit and Anthropic’s AI just helped Zillow build production software—without a single engineer
/in General NewsReplit partners with Anthropic’s Claude and Google Cloud to enable non-programmers to build enterprise software, as Zillow and others deploy AI-generated applications at scale, signaling a shift in who can create valuable business software.Read More
Security News | VentureBeat – Read More
HashFlare Fraud: Two Estonians Admit to Running $577M Crypto Scam
/in General NewsTwo Estonian nationals plead guilty to a $577M cryptocurrency Ponzi scheme through HashFlare, defrauding hundreds of thousands globally.…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Russian State Hackers Target Organizations With Device Code Phishing
/in General NewsRussian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
SecurityWeek – Read More
127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police
/in General NewsAfter governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
SecurityWeek – Read More
Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns
/in General NewsDeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.
The post Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.
SecurityWeek – Read More
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
/in General NewsCybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications.
Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.
“The malware is compiled in Golang and once executed it acts like a backdoor,” security researcher Leandro Fróes said in an analysis
The Hacker News – Read More
Xerox Versalink Printer Vulnerabilities Enable Lateral Movement
/in General NewsXerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers.
The post Xerox Versalink Printer Vulnerabilities Enable Lateral Movement appeared first on SecurityWeek.
SecurityWeek – Read More
⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
/in General NewsWelcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.
⚡ Threat of the Week
Russian Threat Actors Leverage Device Code Phishing to Hack
The Hacker News – Read More
Estonian spy chief: ‘Hybrid schmybrid, what’s happening is attacks’
/in General NewsIn a late panel discussion on Saturday at the Munich Security Conference, Kaupo Rosin protested the use of the word which has been applied to a range of hostile activities that are deemed to be deniable or below the threshold justifying an armed response.
The Record from Recorded Future News – Read More