BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
US Takes Down Stolen Credit Card Marketplace PopeyeTools
/in General NewsThe US government has announced the seizure of stolen credit card marketplace PopeyeTools and charges against its administrators.
The post US Takes Down Stolen Credit Card Marketplace PopeyeTools appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
/in General NewsIn a first, Russia’s APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
Security Latest – Read More
Russian Cyberespionage Group Hit 60 Victims in Asia, Europe
/in General NewsRussia-linked TAG-110 has targeted over 60 government, human rights, and educational entities in Asia and Europe.
The post Russian Cyberespionage Group Hit 60 Victims in Asia, Europe appeared first on SecurityWeek.
SecurityWeek – Read More
Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto
/in General NewsMalware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws
/in General NewsVulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws.
The post 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Disrupts ONNX Phishing Service, Names Its Operator
/in General NewsMicrosoft has seized 240 phishing-related websites and has disrupted the ONNX service, which the company says is run by an Egyptian man.
The post Microsoft Disrupts ONNX Phishing Service, Names Its Operator appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks
/in General NewsMeta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks.
To that end, Microsoft’s Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who
The Hacker News – Read More
Backup Strategies for Home & Self-Hosted Solutions
/in General NewsAfter setting up your self-hosted environment, establishing a solid backup strategy is important. This guide applies to home backup solutions as well. While the traditional backup rule suggests having three copies on two different media types with one copy offsite, modern storage needs often require a more comprehensive approach. And the number we can debate is not that important.
Source
TechSplicer – Read More
Prompt Security Raises $18 Million for Gen-AI Security Platform
/in General NewsGen-AI security startup Prompt Security has raised $18 million in a Series A funding round led by Jump Capital.
The post Prompt Security Raises $18 Million for Gen-AI Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
/in General NewsCybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting
The Hacker News – Read More