BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
US Senate Confirms First DOD Cyber Policy Chief
/in General NewsThe Senate has confirmed Michael Sulmeyer as the first cyber policy chief at the Defense Department, where he will serve as the assistant secretary of Defense for cyber policy.
Cyware News – Latest Cyber News – Read More
China’s Evasive Panda Attacks ISP to Send Malicious Software Updates
/in General NewsThe APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.
darkreading – Read More
Startup Spotlight: LeakSignal Helps Plug Leaky Data in Organizations
/in General NewsCybersecurity startup LeakSignal, a finalists in this year’s Black Hat USA Startup Spotlight competition, helps organizations see where data is leaking within their environment.
darkreading – Read More
Startup Spotlight: Knostic Tackles AI’s Oversharing Problem
/in General NewsCybersecurity startup Knostic, a finalists in this year’s Black Hat USA Startup Spotlight competition, adds guardrails to how AI uses enterprise data to ensure sensitive data does not get leaked.
darkreading – Read More
Israeli Hacktivist Group Claims it Took Down Iran’s Internet
/in General NewsWeRedEvils announced their intention to target Iranian systems on Telegram, claiming their attack was successful in infiltrating Iran’s computer systems, stealing data, and causing the outage.
Cyware News – Latest Cyber News – Read More
US Sues TikTok for Violating Children Privacy Protection Laws
/in General NewsThe lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, failed to delete children-created accounts, and misled parents about data collection.
Cyware News – Latest Cyber News – Read More
Organizations Fail to Log 44% of Cyberattacks, Major Exposure Gaps Remain
/in General NewsAccording to Picus Security, organizations are failing to detect 44% of cyberattacks, revealing major exposure gaps. 40% of environments tested allowed for attack paths leading to domain admin access.
Cyware News – Latest Cyber News – Read More
CrowdStrike Outage Renews Supply Chain Concerns, Federal Officials Say
/in General NewsFederal officials have raised concerns about the software supply chain and memory safety vulnerabilities following a global IT outage caused by a faulty CrowdStrike software update.
Cyware News – Latest Cyber News – Read More
Evasive Panda Compromises ISP to Distribute Malicious Software Updates
/in General NewsThe group used DNS poisoning to redirect software update queries to attacker-controlled servers, infecting victims with malware. Volexity detected one attack in Hong Kong, which ceased when the ISP took action.
Cyware News – Latest Cyber News – Read More
Surge in Magniber Ransomware Attacks Impact Home Users Worldwide
/in General NewsUnlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days.
Cyware News – Latest Cyber News – Read More