BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
/in General NewsThe Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.
The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration
The Hacker News – Read More
Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada
/in General NewsSalt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SparkKitty Swipes Pics from iOS, Android Devices
/in General NewsLike its predecessor, SparkCat, the new malware appears to be going after sensitive data — such as seed phrases for cryptocurrency wallets — in device photo galleries.
darkreading – Read More
China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs
/in General NewsShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
‘Echo Chamber’ Attack Blows Past AI Guardrails
/in General NewsAn AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content.
darkreading – Read More
Researchers say cybercriminals are using jailbroken AI tools from Mistral and xAI
/in General News“Uncensored” versions of two mainstream AI tools are the latest examples of how cybercriminals are repurposing the technology for illicit means.
The Record from Recorded Future News – Read More
Salesforce launches Agentforce 3 with AI agent observability and MCP support
/in General NewsSalesforce launches Agentforce 3 with AI agent observability and native MCP support, giving enterprises real-time visibility and secure interoperability at scale.Read More
Security News | VentureBeat – Read More
Canada says telcos were breached in China-linked espionage hacks
/in General NewsSalt Typhoon previously hacked phone and telco giants across the United States.
Security News | TechCrunch – Read More
1inch rolls out expanded bug bounties with rewards up to $500K
/in General NewsDUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
DHS Warns of Rise in Cyberattacks in Light of US-Iran Conflict
/in General NewsAfter President’s Trump decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems.
darkreading – Read More