BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
/in General NewsCompanies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy.
The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was observed this month, it added.
XDSpy is a threat actor of indeterminate origin that was first
The Hacker News – Read More
Senate Passes Bill to Protect Kids Online and Make Tech Companies Accountable for Harmful Content
/in General NewsThe US Senate has passed a bill to protect kids online and make tech companies accountable for harmful content.
The post Senate Passes Bill to Protect Kids Online and Make Tech Companies Accountable for Harmful Content appeared first on SecurityWeek.
SecurityWeek – Read More
DigiCert Revoking Many Certificates Due to Verification Issue
/in General NewsDigiCert is immediately revoking many certificates due to a domain validation issue, which could cause disruption to sites, apps and services.
The post DigiCert Revoking Many Certificates Due to Verification Issue appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
/in General NewsA new malicious campaign has been observed making use of malicious Android apps to steal users’ SMS messages since at least February 2022 as part of a large-scale campaign.
The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud.
“Of those 107,000 malware samples, over 99,000 of
The Hacker News – Read More
IBM: Cost of a Breach Reaches Nearly $5 Million, With Healthcare Being Hit the Hardest
/in General NewsBreaches impacted 17 industries across 16 countries and regions, with costs related to detecting breaches, notifying victims, post-breach response efforts, and lost business.
Cyware News – Latest Cyber News – Read More
Company Paid Record-Breaking $75 Million to Ransomware Group: Report
/in General NewsZscaler is aware of a company that paid a record-breaking $75 million ransom to the Dark Angels ransomware group.
The post Company Paid Record-Breaking $75 Million to Ransomware Group: Report appeared first on SecurityWeek.
SecurityWeek – Read More
Meta Agrees to $1.4B Settlement With Texas in Privacy Lawsuit Over Facial Recognition
/in General NewsMeta has agreed to a $1.4 billion settlement with Texas in a privacy lawsuit over a facial recognition feature.
The post Meta Agrees to $1.4B Settlement With Texas in Privacy Lawsuit Over Facial Recognition appeared first on SecurityWeek.
SecurityWeek – Read More
India-Linked SideWinder Group Pivots to Hacking Maritime Targets
/in General NewsThe nation-state espionage group known for attacking Pakistan has expanded its reach to targets in Egypt and Sri Lanka.
darkreading – Read More
Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection
/in General NewsMeta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant.
“This historic settlement demonstrates our commitment to standing up to
The Hacker News – Read More
Criminal Hackers Add GenAI Credentials to Underground Markets
/in General NewsAccording to the study, around 400 stolen GenAI credentials are being sold by threat actors per day.
darkreading – Read More