BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Hackers Drain Over $85 Million From Crypto Exchange Phemex
/in General NewsHackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex.
The post Hackers Drain Over $85 Million From Crypto Exchange Phemex appeared first on SecurityWeek.
SecurityWeek – Read More
NinjaOne to Acquire Dropsuite for $252 Million
/in General NewsEndpoint management and security firm NinjaOne to acquire cloud data backup, archiving, and recovery solutions provider Dropsuite for $252 million.
The post NinjaOne to Acquire Dropsuite for $252 Million appeared first on SecurityWeek.
SecurityWeek – Read More
How to protect your privacy from Facebook – and what doesn’t work
/in General NewsBothered by Facebook looking over your shoulder? Here are some ways to keep Meta from being such a snooper.
Latest stories for ZDNET in Security – Read More
DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge
/in General NewsChina’s DeepSeek blamed sign-up disruptions on a cyberattack as researchers started finding vulnerabilities in the R1 AI model.
The post DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge appeared first on SecurityWeek.
SecurityWeek – Read More
European Union Sanctions Russian Nationals for Hacking Estonia
/in General NewsThe European Union has added three Russian nationals to its sanctions list for their involvement in cyberattacks against Estonia.
The post European Union Sanctions Russian Nationals for Hacking Estonia appeared first on SecurityWeek.
SecurityWeek – Read More
SonicWall Confirms Exploitation of New SMA Zero-Day
/in General NewsSonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild.
The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
ENGlobal Says Personal Information Accessed in Ransomware Attack
/in General NewsENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack.
The post ENGlobal Says Personal Information Accessed in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft tests ‘scareware blocker’ for Edge that uses computer vision to detect scams
/in General NewsMicrosoft is rolling out a new tool dubbed “scareware blocker,” which uses machine learning and computer vision to identify a very pervasive type of online scam. “Scareware” has blighted the web almost since its inception, often in the form of fake antivirus software that claims to have detected a non-existent threat on a user’s machine. […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries
/in General NewsThe Council of the European Union has sanctioned three individuals for allegedly carrying out “malicious cyber activities” against Estonia.
The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said.
Per the council decision, all the
The Hacker News – Read More
Apple Patches First Exploited iOS Zero-Day of 2025
/in General NewsApple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks.
The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek.
SecurityWeek – Read More