BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw
/in General NewsPhysicist Neil Johnson explores how fundamental laws of nature could explain why AI sometimes fails—and what to do about it.
The post The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
/in General NewsApple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone.
The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from “deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
The Hacker News – Read More
Indian Police Arrest Cybercrime Gang Copycats of Myanmar Biz Model
/in General NewsThe region offers attractive conditions: a large pool of tech workers, economic disparity, and weak enforcement of cybercrime laws — all of which attract businesses legitimate and shady.
darkreading – Read More
Security leaders lose visibility as consultants deploy shadow AI copilots to stay employed
/in General NewsFearing sweeping layoffs driven by AI and automation, elite consultants and high performers are turning to shadow AI for a competitive edge.Read More
Security News | VentureBeat – Read More
Zscaler to Acquire MDR Specialist Red Canary
/in General NewsZscaler signals a big push into the security-operations market with the announcement of plans to buy Denver-based Red Canary.
The post Zscaler to Acquire MDR Specialist Red Canary appeared first on SecurityWeek.
SecurityWeek – Read More
ChatGPT o3 Resists Shutdown Despite Instructions, Study Claims
/in General NewsChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Adidas Falls Victim to Third-Party Data Breach
/in General NewsThough Adidas said that no payment or financial information was affected in the breach, individuals who contacted the compamy’s customer service help desk were impacted.
darkreading – Read More
DragonForce Ransomware Strikes MSP in Supply Chain Attack
/in General NewsDragonForce, a ransomware “cartel” that has gained significant popularity since its debut in 2023, attacked an MSP as part of a recent supply chain attack, via known SimpleHelp bugs.
darkreading – Read More
Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars
/in General NewsSina Gholinejad admitted to using the Robbinhood ransomware variant to extort ransom payments from dozens of victims.
The Record from Recorded Future News – Read More
Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack
/in General NewsSina Gholinejad pleaded guilty to computer-fraud and wire-fraud-conspiracy charges linked to the Robbinhood ransomware hit on Baltimore.
The post Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More