BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Feds charge 12 more suspects in RICO case over crypto crime spree
/in General NewsSome of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ.
The Record from Recorded Future News – Read More
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
/in General NewsIvanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Pro-Ukraine Group Targets Russian Developers with Python Backdoor
/in General NewsReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach
/in General NewsA summary of noteworthy stories that might have slipped under the radar this week.
The post In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
How to Develop and Communicate Metrics for CSIRPs
/in General NewsA well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment.
darkreading – Read More
Google Warns UK Retailer Hackers Now Targeting US
/in General NewsGoogle says the hacking group behind the recent cyberattacks on UK retailers is now shifting focus to the US.
The post Google Warns UK Retailer Hackers Now Targeting US appeared first on SecurityWeek.
SecurityWeek – Read More
Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyberattack
/in General NewsAuthorities in the republic of Chuvashia confirmed attackers targeted software used to manage patient records and medical histories.
The Record from Recorded Future News – Read More
Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations
/in General NewsThe new law, which was first mooted in 2022, is intended to help Japan strengthen its cyber defense “to a level equal to major Western powers” and marks a break from the country’s traditional approach to cyber defense.
The Record from Recorded Future News – Read More
UK National Health Service suppliers asked to tackle ‘endemic’ ransomware attacks
/in General NewsIn an open letter, NHS suppliers were warned that ransomware incidents have been getting more severe and frequent in recent months.
The Record from Recorded Future News – Read More
New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
/in General NewsCybersecurity researchers are calling attention to a new botnet malware called HTTPBot that has been used to primarily single out the gaming industry, as well as technology companies and educational institutions in China.
“Over the past few months, it has expanded aggressively, continuously leveraging infected devices to launch external attacks,” NSFOCUS said in a report published this week. “By
The Hacker News – Read More