BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Suspects in ‘Russian Coms’ Spoofing Service Arrested in London, as NCA Announces Takedown
/in General NewsThe caller ID spoofing service, which was established in 2021, is believed to have caused financial losses in the tens of millions and had around 170,000 victims in Britain.
Cyware News – Latest Cyber News – Read More
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
/in General NewsCybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism.
The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an
The Hacker News – Read More
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal
/in General NewsEnterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.
The
The Hacker News – Read More
New BlankBot Android Trojan Can Steal User Data
/in General NewsThe BlankBot Android trojan exfiltrates user data, executes C&C commands, and supports custom injections, keylogging, and screen recording.
The post New BlankBot Android Trojan Can Steal User Data appeared first on SecurityWeek.
SecurityWeek – Read More
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
/in General NewsA recent malvertising campaign has been exposed, where threat actors take over social media pages, rebranding them as popular AI photo editors and posting malicious links to fake websites.
Cyware News – Latest Cyber News – Read More
Credo AI Raises $21M to Help Enterprises Deploy AI Safely and Responsibly
/in General NewsCredo AI, a startup specializing in artificial intelligence governance software, recently closed a $21 million Series B funding round led by CrimsoNox Capital, Mozilla Ventures, and FPV Ventures.
Cyware News – Latest Cyber News – Read More
Cloudflare Tunnels Abused for Malware Delivery
/in General NewsThreat actors are abusing Cloudflare’s TryCloudflare feature to create one-time tunnels for the distribution of remote access trojans.
The post Cloudflare Tunnels Abused for Malware Delivery appeared first on SecurityWeek.
SecurityWeek – Read More
APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike
/in General NewsA government-affiliated research organization in Taiwan was attacked by APT41 hackers, a notorious Chinese hacking group known for targeting sensitive technologies. The breach, starting in July 2023, was identified by Cisco Talos researchers.
Cyware News – Latest Cyber News – Read More
CISA Warns of Avtech Camera Vulnerability Exploited in Wild
/in General NewsAn Avtech camera vulnerability that likely remains unfixed has been exploited in the wild, according to CISA.
The post CISA Warns of Avtech Camera Vulnerability Exploited in Wild appeared first on SecurityWeek.
SecurityWeek – Read More
Threat Intelligence: A Blessing and a Curse?
/in General NewsAccess to timely and accurate threat intelligence is essential for organizations, but it can be overwhelming to navigate the vast amount of available data and feeds. Balancing comprehensive information with relevance is crucial.
Cyware News – Latest Cyber News – Read More