BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Sports Venues Must Vet Their Vendors to Maintain Security
/in General NewsThe sports and entertainment industries face unique cybersecurity challenges due to the rapid technological advancements being implemented. Cyber-physical systems like augmented reality and smart sensors increase security concerns.
Cyware News – Latest Cyber News – Read More
Ireland’s DPC Takes Twitter to Court Over AI User Data Concerns
/in General NewsIreland’s Data Protection Commission (DPC) has taken Twitter to court over concerns regarding the use of AI user data. The DPC is specifically worried about the personal data of millions of European users being used to train AI systems for Grok.
Cyware News – Latest Cyber News – Read More
OpenWrt Dominates, but Vulnerabilities Persist in OT/IoT Router Firmware
/in General NewsA Forescont study showed that outdated software components in OT/IoT cellular routers and SOHO routers are linked to known vulnerabilities, with an average of 20 exploitable n-days affecting the kernel in widely used firmware images.
Cyware News – Latest Cyber News – Read More
RustScan: Open-Source Port Scanner
/in General NewsRustScan is a fast and versatile open-source port scanner with Adaptive Learning for optimal performance. It can scan all 65,000 ports in 3 seconds and supports a scripting engine for customization.
Cyware News – Latest Cyber News – Read More
Researchers Unveil AWS Vulnerabilities, New ‘Shadow Resource’ Attack Vector
/in General NewsThe vulnerabilities were promptly patched by AWS after being reported by Aqua Security researchers. These flaws in services like CloudFormation, CodeStar, and Service Catalog could potentially lead to a full account takeover if exploited.
Cyware News – Latest Cyber News – Read More
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers
/in General NewsSonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.
The post Vulnerability Allowed Eavesdropping via Sonos Smart Speakers appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Releases Guide to Enhance Software Security Evaluations
/in General NewsCISA has released a guide to enhance how organizations evaluate software manufacturers’ security practices, emphasizing product security over enterprise security measures for defending against cyber threats.
Cyware News – Latest Cyber News – Read More
Ransomware Attack Costs loanDepot Almost $27 Million
/in General NewsThe $27 million in costs included insurance recoveries, investigation and remediation costs, customer notifications, legal fees, and settlement costs for a class-action lawsuit.
Cyware News – Latest Cyber News – Read More
Physical Security Firm ADT Confirms Hack and Data Breach
/in General NewsADT has confirmed that hackers have stolen information after 30,000 customer records were leaked recently.
The post Physical Security Firm ADT Confirms Hack and Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs
/in General NewsThe U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies.
Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional
The Hacker News – Read More