BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Russian APT Hits Ukrainian Government With New Malware via Signal
/in General NewsRussia-linked APT28 deployed new malware against Ukrainian government targets through malicious documents sent via Signal chats.
The post Russian APT Hits Ukrainian Government With New Malware via Signal appeared first on SecurityWeek.
SecurityWeek – Read More
New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare
/in General NewsWordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
These battery-powered 4K security cameras give Ring and Blink a run for their money
/in General NewsTP-Link’s new cameras feature 4K capabilities with 24/7 recording, thanks to the HomeBase H500. They’re also cheaper than their closest competitors.
Latest stories for ZDNET in Security – Read More
Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
/in General NewsMicrosoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud.
The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The
The Hacker News – Read More
Africa Sees Surge in Cybercrime as Law Enforcement Struggles
/in General NewsCybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.
darkreading – Read More
Threat Actor Trojanizes Copy of SonicWall NetExtender VPN App
/in General NewsA threat actor hacked a version of SonicWall’s NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product.
darkreading – Read More
China-Nexus ‘LapDogs’ Network Thrives on Backdoored SOHO Devices
/in General NewsThe campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure.
darkreading – Read More
Generative AI and privacy are best frenemies – a new study ranks the best and worst offenders
/in General NewsLe Chat and Grok are the most respectful of your privacy. So which ones are the worst offenders?
Latest stories for ZDNET in Security – Read More
SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data
/in General NewsKaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
/in General NewsThe United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public.
The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a “national security decision.”
“Effective immediately, all individuals applying for an
The Hacker News – Read More