BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Beyond Compliance: The Advantage of Year-Round Network Pen Testing
/in General NewsIT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.
Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),
The Hacker News – Read More
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
/in General NewsA new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season.
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
The Hacker News – Read More
T-Mobile Also Targeted in Chinese Telecom Hacking Campaign
/in General NewsT-Mobile has also been targeted by the Chinese group Salt Typhoon in a major espionage campaign targeting US telecom companies.
The post T-Mobile Also Targeted in Chinese Telecom Hacking Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
/in General NewsA critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.
The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The
The Hacker News – Read More
3 leadership lessons we can learn from ethical hackers
/in General NewsHere’s how business leaders can use a hacker’s problem-solving approach to to improve their own leadership skills.Read More
Security News | VentureBeat – Read More
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit
/in General NewsLegal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.
They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target’s devices as
The Hacker News – Read More
Microsoft Pulls Exchange Patches Amid Mail Flow Issues
/in General NewsEmail at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw.
darkreading – Read More
What Okta’s failures say about the future of identity security in 2025
/in General News2025 needs to be the year identity providers go all in on improving every aspect of software quality and security, including red teaming.Read More
Security News | VentureBeat – Read More
Ohio man behind Helix cryptocurrency mixer gets 3-year sentence
/in General NewsLarry Harmon ran the mixer from 2014 to 2017, facilitating more than $300 million worth of cryptocurrency transactions.
The Record from Recorded Future News – Read More
ANZ CIO Challenges: AI, Cybersecurity & Data Analytics for 2025
/in General NewsANZ government CIOs face budget constraints while prioritizing AI, cybersecurity, and data analytics for productivity gains and digital transformation in 2025.
Security | TechRepublic – Read More