BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
/in General NewsCybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.
The malicious activity has been codenamed RedisRaider by Datadog Security Labs.
“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,”
The Hacker News – Read More
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
/in General NewsCybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.
All three packages are no longer available on PyPI. The names of the Python packages are below –
checker-SaGaF (2,605 downloads)
steinlurks (1,049 downloads)
sinnercore (3,300 downloads)
The Hacker News – Read More
‘Operation RoundPress’ Targets Ukraine in XSS Webmail Attacks
/in General NewsA cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.
darkreading – Read More
Serviceaide Leak Exposes Records of 500,000 Catholic Health Patients
/in General NewsServiceaide data leak exposes sensitive health info of 500K Catholic Health patients due to misconfigured database; risk of ID theft and fraud.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Trump Signs Controversial Law Targeting Nonconsensual Sexual Content
/in General NewsThe Take It Down Act requires platforms to remove instances of “intimate visual depiction” within two days. Free speech advocates warn it could be weaponized to fuel censorship.
Security Latest – Read More
BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software
/in General NewsSan Francisco incident response coordination startup banks $15 million in a Series A funding round led by Ballistic Ventures.
The post BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft just launched an AI that discovered a new chemical in 200 hours instead of years
/in General NewsMicrosoft launches Discovery platform that uses agentic AI to compress years of scientific research into days, transforming R&D across pharmaceuticals, materials science, and semiconductor industries.Read More
Security News | VentureBeat – Read More
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
/in General NewsThe online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help.
darkreading – Read More
UK Legal Aid Agency Hit by Cyberattack, Sensitive Data Stolen
/in General NewsThe UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen.…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
A Silicon Valley VC Says He Got the IDF Starlink Access Within Days of October 7 Attack
/in General NewsSequoia Capital partner Shaun Maguire said in a webinar hosted by Israel’s Defense Ministry that he connected the IDF with SpaceX’s Starlink satellite internet far sooner than believed.
Security Latest – Read More