BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products
/in General NewsVeeam and BeyondTrust have resolved several vulnerabilities that could be exploited for remote code execution.
The post Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible
The Hacker News – Read More
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
/in General NewsHackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource.
The post Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People appeared first on SecurityWeek.
SecurityWeek – Read More
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
/in General NewsA former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity.
Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of
The Hacker News – Read More
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
/in General NewsVeeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions.
The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.
“A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” the
The Hacker News – Read More
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
/in General NewsIran has throttled internet access in the country in a purported attempt to hamper Israel’s ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region.
Fatemeh Mohajerani, the spokesperson of the Iranian Government, and the Iranian Cyber Police, FATA, said the internet slowdown was designed to
The Hacker News – Read More
Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach
/in General NewsThe company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.
darkreading – Read More
‘HoldingHands’ Acts Like a Pickpocket With Taiwan Orgs
/in General NewsSince at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.
darkreading – Read More
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack
/in General NewsResearchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site.
The post New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns
/in General NewsScattered Spider targets US insurance firms after UK retail attacks, using social engineering to breach help desks and disrupt services, Google warns.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More