BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
- [webapps] Roundcube 1.6.10 - Remote Code Execution (RCE)
- [remote] Freefloat FTP Server 1.0 - Remote Buffer Overflow
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
/in General NewsNetwork segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.
The Hacker News – Read More
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
/in General NewsCybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution.
The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14.
“Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
The Hacker News – Read More
How AI will transform cybersecurity in 2025 – and supercharge cybercrime
/in General NewsFrom AI-driven defense to evolving ransomware tactics, here’s what cybersecurity industry leaders and experts are preparing for this year.
Latest stories for ZDNET in Security – Read More
Chinese APT Group Is Ransacking Japan’s Secrets
/in General NewsSince 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
darkreading – Read More
Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs
/in General NewsThe most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple’s own antivirus product.
darkreading – Read More
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
/in General NewsA hack of location data company Gravy Analytics has revealed which apps are—knowingly or not—being used to collect your information behind the scenes.
Security Latest – Read More
Rumble Among 15 Targets of Texas Attorney General’s Child Privacy Probe
/in General NewsTexas has become a leading enforcer of internet rules. Its latest probe includes some platforms that privacy experts describe as unusual suspects.
Security Latest – Read More
Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach
/in General NewsThe attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department’s Office of Foreign Assets Control.
darkreading – Read More
What’s Next for Open Source Software Security in 2025?
/in General NewsHidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025.
Security | TechRepublic – Read More
How the US TikTok Ban Would Actually Work
/in General NewsThe fate of TikTok now rests in the hands of the US Supreme Court. If a law banning the social video app this month is upheld, it won’t disappear from your phone—but it will get messy fast.
Security Latest – Read More