BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Pro-Israel hackers claim breach of Iranian bank amid military escalation
/in General NewsA group tracked as Predatory Sparrow said it was responsible for hacking Bank Sepah as the conflict between Israel and Iran intensified.
The Record from Recorded Future News – Read More
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
/in General NewsZoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
/in General NewsCybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware,” Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
The Hacker News – Read More
Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers
/in General NewsCISA warns that a vulnerability impacting multiple discontinued TP-Link router models is exploited in the wild.
The post Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers appeared first on SecurityWeek.
SecurityWeek – Read More
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when
The Hacker News – Read More
Asus Armoury Crate Vulnerability Leads to Full System Compromise
/in General NewsA high-severity authorization bypass vulnerability in Asus Armoury Crate provides attackers with low-level system privileges.
The post Asus Armoury Crate Vulnerability Leads to Full System Compromise appeared first on SecurityWeek.
SecurityWeek – Read More
Recent Langflow Vulnerability Exploited by Flodrix Botnet
/in General NewsA critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet.
The post Recent Langflow Vulnerability Exploited by Flodrix Botnet appeared first on SecurityWeek.
SecurityWeek – Read More
Google to scale up AI-powered fraud detection and security operations in India
/in General NewsGoogle has unveiled its Safety Charter in India, which will expand its AI-led developments for fraud detection and combating scams across the country, the company’s largest market outside the United States. Digital fraud in India is rising. Fraud related to the Indian government’s instant payment system UPI grew 85% year-over-year to nearly 11 billion Indian […]
Security News | TechCrunch – Read More
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
/in General NewsMeta Platforms on Monday announced that it’s bringing advertising to WhatsApp, but emphasized that the ads are “built with privacy in mind.”
The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are “rolling out gradually,” per the company.
The media
The Hacker News – Read More
Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses
/in General NewsThe shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.
Security Latest – Read More