BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
AI agent adoption is driving increases in opportunities, threats, and IT budgets
/in General NewsWhile 79% of security leaders believe that AI agents will introduce new security and compliance challenges, 80% say AI agents will introduce new security opportunities.
Latest stories for ZDNET in Security – Read More
Bumblebee Malware Takes Flight via Trojanized VMware Utility
/in General NewsAn employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.
darkreading – Read More
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
/in General NewsAn unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.
“The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
The Hacker News – Read More
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
/in General NewsInfoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
‘Hazy Hawk’ Cybercrime Gang Swoops In for Cloud Resources
/in General NewsSince December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.
darkreading – Read More
Novel Phishing Attack Combines AES With Poisoned npm Packages
/in General NewsResearchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.
darkreading – Read More
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
/in General NewsVMware patches flaws that expose users to data leakage, command execution and denial-of-service attacks. No temporary workarounds available.
The post NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch appeared first on SecurityWeek.
SecurityWeek – Read More
A security key for every employee? Yubikey-as-a-Service goes global
/in General NewsYubico’s roaming authenticators can now be provisioned and delivered in 175 countries. Here’s what the service offers.
Latest stories for ZDNET in Security – Read More
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
/in General NewsHigh-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
The Hacker News – Read More
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
/in General NewsCybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts.
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
The Hacker News – Read More