BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
A security key for every employee? Yubikey-as-a-Service goes global
/in General NewsYubico’s roaming authenticators can now be provisioned and delivered in 175 countries. Here’s what the service offers.
Latest stories for ZDNET in Security – Read More
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
/in General NewsHigh-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.
“The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas
The Hacker News – Read More
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
/in General NewsCybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts.
“These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3
The Hacker News – Read More
Compromised RVTools Installer Spreading Bumblebee Malware
/in General NewsRVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
/in General NewsIn the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset
The Hacker News – Read More
CloudSEK Raises $19 Million for Threat Intelligence Platform
/in General NewsThreat protection and intelligence firm CloudSEK raises $19 million in funding from new and existing investors.
The post CloudSEK Raises $19 Million for Threat Intelligence Platform appeared first on SecurityWeek.
SecurityWeek – Read More
O2 Service Vulnerability Exposed User Location
/in General NewsA vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek.
SecurityWeek – Read More
New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada
/in General NewsNitrogen, a ransomware strain, has emerged as a major threat to organizations worldwide, with a particular focus on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
/in General NewsCybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.
The malicious activity has been codenamed RedisRaider by Datadog Security Labs.
“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,”
The Hacker News – Read More
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
/in General NewsCybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.
All three packages are no longer available on PyPI. The names of the Python packages are below –
checker-SaGaF (2,605 downloads)
steinlurks (1,049 downloads)
sinnercore (3,300 downloads)
The Hacker News – Read More