BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
High-Severity Vulnerabilities Patched by Cisco, Atlassian
/in General NewsCisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies.
The post High-Severity Vulnerabilities Patched by Cisco, Atlassian appeared first on SecurityWeek.
SecurityWeek – Read More
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
/in General NewsThreat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity
The Hacker News – Read More
Facebook’s new passkey support could let you ditch your password once and for all
/in General NewsYou’ll soon be able to protect your Facebook account with a secure and convenient passkey, though only mobile devices will be supported.
Latest stories for ZDNET in Security – Read More
Swedish Truck Giant Scania Investigating Hack
/in General NewsA hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited.
The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
/in General NewsMeta Platforms on Wednesday announced that it’s adding support for passkeys, the next-generation password standard, on Facebook.
“Passkeys are a new way to verify your identity and login to your account that’s easier and more secure than traditional passwords,” the tech giant said in a post.
Support for passkeys is expected to be available “soon” on Android and iOS mobile devices. The feature is
The Hacker News – Read More
Iran-Israel War Triggers a Maelstrom in Cyberspace
/in General NewsAs Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region.
darkreading – Read More
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
/in General NewsCybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below –
CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
CVE-2025-6019 – LPE from allow_active to root in
The Hacker News – Read More
The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
/in General NewsMany cybersecurity professionals still don’t feel comfortable admitting when they need a break. And the impact goes beyond being overworked.
darkreading – Read More
OpenAI Awarded $200M Contract to Work With DoD
/in General NewsOpenAI intends to help streamline the Defense Department’s administrative processes using artificial intelligence.
darkreading – Read More
GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data
/in General NewsZimperium zLabs reveals GodFather malware’s advanced virtualization that hijacks mobile banking and crypto apps. Learn how it steals data on your phone.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More