BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Lynx Ransomware Group ‘Industrializes’ Cybercrime With Affiliates
/in General NewsThe ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
darkreading – Read More
Phishing Campaign Baits Hook With Malicious Amazon PDFs
/in General NewsIn their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.
darkreading – Read More
Super Bowl LIX Could Be a Magnet for Cyberattacks
/in General NewsConcerns include everything from ransomware, malware, and phishing attacks on the game’s infrastructure to those targeting event sponsors and fans.
darkreading – Read More
VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
/in General NewsVMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access.
The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware attack kept major energy industry contractor out of some systems for 6 weeks
/in General NewsOklahoma-based ENGlobal Corporation said in an updated 8-K filing with the SEC that company officials were locked out of financial systems for six weeks because of a November ransomware attack.
The Record from Recorded Future News – Read More
Hackers Claim 2nd Breach at HP Enterprise, Plan to Sell Access
/in General NewsIntelBroker targets Hewlett-Packard Enterprise (HPE) again, claiming to have access to the company’s internal infrastructure and the possibility…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
This new Android feature protects your phone, even if someone has your PIN
/in General NewsIf you’re looking for an additional layer of security for your Android device, Google’s Identity Check might be just the ticket. Here’s how it works.
Latest stories for ZDNET in Security – Read More
Microsoft Edge offers new tool to combat scareware – here’s how it works
/in General NewsEdge’s new scareware blocker aims to protect you from malicious websites that try to scam you through fear tactics. Here’s how to opt in.
Latest stories for ZDNET in Security – Read More
Outsmarting AI-powered cyber attacks: A 2025 playbook for real-time endpoint defense
/in General NewsEndpoint, identity, and multi-domain attacks are dominating the enterprise threatscape today, fueled by new tradecraft invented using gen AI.Read More
Security News | VentureBeat – Read More
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack
/in General NewsAdvanced phishing campaign targets Poland and Germany, delivering Agent Tesla, Snake Keylogger and newly identified TorNet backdoor via…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More