BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments
/in General NewsCisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
/in General NewsAs many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a
The Hacker News – Read More
Vote for the sessions you want to see at TechCrunch Disrupt 2025
/in General NewsWe were thrilled by the remarkable interest in speaking at TechCrunch Disrupt 2025, taking place October 27–29 at Moscone West in San Francisco. After an in-depth review process, we’ve selected 20 exceptional finalists—10 for breakout sessions and 10 for roundtables. Now, we’re putting the final decision in your hands. Audience Choice voting is open through […]
Security News | TechCrunch – Read More
CISO’s Guide To Web Privacy Validation And Why It’s Important
/in General NewsAre your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices.
– Download the full guide here.
Web Privacy: From Legal Requirement to Business Essential
As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting
The Hacker News – Read More
Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching
/in General NewsResearchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
A Starter Guide to Protecting Your Data From Hackers and Corporations
/in General NewsHackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you—and anyone who claims they have nothing to hide.
Security Latest – Read More
⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
/in General NewsCyber threats don’t show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late.
For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we
The Hacker News – Read More
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach
/in General NewsNova Scotia Power has finally admitted that the recent cyberattack was a ransomware attack, but it hasn’t paid the hackers.
The post Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls
/in General NewsFBI warns law firms: Silent Ransom Group uses phishing emails and fake IT calls to steal data, demanding ransom to prevent public leaks. The agency is also urges victims to share ransom evidence.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Last 24 hours: TechCrunch Disrupt 2025 Early Bird Deals will fly away after today
/in General NewsJust 24 hours left to lock in Early Bird pricing for TechCrunch Disrupt 2025 — happening October 27–29 at Moscone West in San Francisco. Save up to $900 on your pass, or bring someone brilliant with you for 90% off their ticket. This deal ends tonight at 11:59 p.m. PT. Grab your Early Bird discount […]
Security News | TechCrunch – Read More