BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Cheap Yet Secure: Top VPNs for Privacy-Conscious Users on a Budget
/in General NewsThe Importance of Balancing Cost and Security!
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Casio and 16 Other Websites Hit by Double-Entry Web Skimming Attack
/in General NewsResearchers uncover a double-entry website skimming attack targeting Casio and 16 other sites. Learn how cybercriminals exploited vulnerabilities to steal sensitive payment data and evade detection.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Israeli Spyware Firm Paragon Linked to WhatsApp Zero-Click Attack
/in General NewsWhatsApp recently revealed a targeted spyware campaign linked to the Israeli firm Paragon, which affected 90 individuals, including…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices
/in General News“Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” Abbott said.
The post Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices appeared first on SecurityWeek.
SecurityWeek – Read More
Foreign Hackers Are Using Google’s Gemini in Attacks on the US
/in General NewsPlus: WhatsApp discloses nearly 100 targets of spyware, hackers used the AT&T breach to hunt for details on US politicians, and more.
Security Latest – Read More
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
/in General NewsU.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and
The Hacker News – Read More
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
/in General NewsBeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged
The Hacker News – Read More
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
/in General NewsMeta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached
The Hacker News – Read More
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
/in General NewsCybersecurity researchers have discovered a malvertising campaign that’s targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
“These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform,” Jérôme Segura, senior
The Hacker News – Read More
DeepSeek Jailbreak Reveals Its Entire System Prompt
/in General NewsNow we know exactly how DeepSeek was designed to work, and we may even have a clue toward its highly publicized scandal with OpenAI.
darkreading – Read More