BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts
/in General NewsFederal civilian agencies have been ordered to patch a vulnerability impacting Trimble Cityworks — a popular tool used by many governments to manage public infrastructure.
The Record from Recorded Future News – Read More
iOS 18.3.1 Release Expected Within the Next Few Weeks
/in General NewsSpeculation about the iOS 18.3.1 release has surfaced. This includes a related Starlink connectivity rumor.
Security | TechRepublic – Read More
ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code
/in General NewsMicrosoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
ACLU Warns DOGE’s ‘Unchecked’ Access Could Violate Federal Law
/in General NewsThe ACLU says it stands ready to sue for access to government records that detail DOGE’s access to sensitive personnel data.
Security Latest – Read More
SolarWinds to Go Private for $4.4B
/in General NewsFive years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.
darkreading – Read More
LLM Hijackers Quickly Incorporate DeepSeek API Keys
/in General NewsThe secret use of other people’s generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.
darkreading – Read More
Label maker Avery says ransomware investigation also found credit-card scraper
/in General NewsAn investigation into a ransomware attack led label-maker Avery Products to also find malware that was skimming credit card details from transactions on its website, according to a data breach notification by the company.
The Record from Recorded Future News – Read More
IT Teams Worry About Increasing Cost of Cyber Tools From AI Features, While Criminals Barely Use Them
/in General NewsMost IT leaders believe generative AI will increase the cost of their security tools, according to Sophos research. But, by the looks of cyber crime forums, hackers are barely using AI.
Security | TechRepublic – Read More
Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE
/in General NewsDevelopers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.
darkreading – Read More
Phones, email, classes disrupted in University of The Bahamas ransomware attack
/in General NewsThe University of the Bahamas, which serves thousands of students and is one of the Caribbean nation’s biggest employers, said several systems went offline after a ransomware attack.
The Record from Recorded Future News – Read More