BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Russian Qakbot Gang Leader Indicted in US
/in General NewsRussian national Rustam Gallyamov was indicted in the US for his leading role in the development and distribution of Qakbot malware.
The post Russian Qakbot Gang Leader Indicted in US appeared first on SecurityWeek.
SecurityWeek – Read More
Companies Warned of Commvault Vulnerability Exploitation
/in General NewsCISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments.
The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
/in General NewsFrom zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater.
SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base.
This walkthrough covers what SafeLine is, how it works, and why it’s
The Hacker News – Read More
Mysterious hacking group Careto was run by the Spanish government, sources say
/in General NewsThe elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
Security News | TechCrunch – Read More
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
/in General NewsA Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US.
The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
DanaBot Botnet Disrupted, 16 Suspects Charged
/in General NewsThe DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
The post DanaBot Botnet Disrupted, 16 Suspects Charged appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors
/in General NewsA Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
The post Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
/in General NewsThe U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.
The malware, the DoJ said, infected more than 300,000
The Hacker News – Read More
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
/in General NewsCybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.
GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,
The Hacker News – Read More
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment.
“Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure,” the agency said.
“This
The Hacker News – Read More