BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries
/in General NewsA subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.
“This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations,” the
The Hacker News – Read More
Don’t ignore Microsoft’s February Patch Tuesday – it’s a big one for all Windows 11 users
/in General NewsThe latest updates resolve more glitches and security flaws – some critical – in Windows 11 23H2 and 24H2, so you’ll want to install them sooner rather than later.
Latest stories for ZDNET in Security – Read More
Microsoft: Russia’s Sandworm APT Exploits Edge Bugs Globally
/in General NewsSandworm (aka Seashell Blizzard) has an initial access wing called “BadPilot” that uses standard intrusion tactics to spread Russia’s tendrils around the world.
darkreading – Read More
Google Family Link now limits who can contact your child’s device
/in General NewsThe parental control app just added several new features to help you keep your kids safer.
Latest stories for ZDNET in Security – Read More
Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft
/in General NewsA subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.
The post Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft appeared first on SecurityWeek.
SecurityWeek – Read More
Patch Tuesday: Microsoft Fixes 63 Bugs with 2 Zero-Days
/in General NewsMicrosoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
SGNL snags $30M for a new take on ID security based on zero-standing privileges
/in General NewsSecurity experts often describe identity as the “new perimeter” in the world of security: in the world of cloud services where network assets and apps can range far and wide, the biggest vulnerabilities are often leaked and spoofed log-in credentials. A startup called SGNL has built a new approach that it believes is better at […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability
/in General NewsCybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container’s isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions –
NVIDIA Container Toolkit (All
The Hacker News – Read More
Is AI a Friend or Foe of Healthcare Security?
/in General NewsWhen it comes to keeping patient information safe, people empowerment is just as necessary as deploying new technologies.
darkreading – Read More
Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities
/in General NewsIvanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.
The post Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More