BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Last 24 hours: TechCrunch Disrupt 2025 Early Bird Deals will fly away after today
/in General NewsJust 24 hours left to lock in Early Bird pricing for TechCrunch Disrupt 2025 — happening October 27–29 at Moscone West in San Francisco. Save up to $900 on your pass, or bring someone brilliant with you for 90% off their ticket. This deal ends tonight at 11:59 p.m. PT. Grab your Early Bird discount […]
Security News | TechCrunch – Read More
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
/in General NewsCybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.
The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.
“Catena uses embedded shellcode and configuration switching logic to stage
The Hacker News – Read More
Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected
/in General NewsA critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SK Telecom Uncovers Two-Year Malware Attack, Leaking 26M IMSI Records
/in General NewsSK Telecom reveals malware intrusion that remained hidden for nearly two years, led to the leaking of 26.69…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The US Is Building a One-Stop Shop for Buying Your Data
/in General NewsPlus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more.
Security Latest – Read More
Naukri exposed recruiter email addresses, researcher says
/in General NewsThe recruiter website fixed the email address exposure earlier this week.
Security News | TechCrunch – Read More
BadSuccessor Exploits Windows Server 2025 Flaw for Full AD Takeover
/in General NewsAkamai researchers reveal a critical flaw in Windows Server 2025 dMSA feature that allows attackers to compromise any…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Ransomware hackers charged, infrastructure dismantled in international law enforcement operation
/in General NewsEuropol said 300 servers and 650 domains were taken down worldwide, while about $3.5 million was seized during raids throughout the week as part of Operation Endgame.
The Record from Recorded Future News – Read More
ConnectWise ScreenConnect Tops List of Abused RATs in 2025 Attacks
/in General NewsCofense Intelligence’s May 2025 report exposes how cybercriminals are abusing legitimate Remote Access Tools (RATs) like ConnectWise and Splashtop to deliver malware and steal data. Learn about this growing threat.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
/in General NewsThe malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector.
“The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes many opportunities for browsers or security
The Hacker News – Read More