BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
CISA: Russia’s Fancy Bear Targeting Logistics, IT Firms
/in General NewsThe mission is to gather information that could help Russia in its war against Ukraine.
darkreading – Read More
Chinese-speaking hackers targeting US municipalities with Cityworks bug
/in General NewsSince January, cybersecurity experts have seen Chinese-speaking hackers exploiting a bug impacting a tool used by local governments to manage critical infrastructure assets and other services.
The Record from Recorded Future News – Read More
Anthropic overtakes OpenAI: Claude Opus 4 codes seven hours nonstop, sets record SWE-Bench score and reshapes enterprise AI
/in General NewsAnthropic’s Claude Opus 4 outperforms OpenAI’s GPT-4.1 with unprecedented seven-hour autonomous coding sessions and record-breaking 72.5% SWE-bench score, transforming AI from quick-response tool to day-long collaborator.Read More
Security News | VentureBeat – Read More
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw
/in General NewsAkamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
The post Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
/in General NewsA Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell.
“UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers
The Hacker News – Read More
Why Image Quality Drops When Resizing a JPEG (and How to Fix It)
/in General NewsEver tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
How to safeguard your small business in the hybrid work era: 5 top cybersecurity solutions
/in General NewsYour best cybersecurity strategy is all about balancing risk and affordability. Keep these five solutions in mind.
Latest stories for ZDNET in Security – Read More
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
/in General NewsA privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD).
“The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher Yuval Gordon said in a
The Hacker News – Read More
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
/in General NewsA recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.
The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a
The Hacker News – Read More
Experts Chart Path to Creating Safer Online Spaces for Women
/in General NewsGaps in laws, technology, and corporate accountability continue to put women’s safety and privacy online at risk.
darkreading – Read More