BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Apple Joins Voluntary U.S. Government Commitment to AI Safety
/in General NewsSeparately, iPhone users will need to wait until October for Apple Intelligence LLM services.
Security | TechRepublic – Read More
‘Zeus’ Hacker Group Strikes Israeli Olympic Athletes in Data Leak
/in General NewsSecurity presence has been heightened in Paris to ensure that the Games are safe, and Israeli athletes have been provided with even more protection.
darkreading – Read More
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw
/in General NewsVMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw.
The post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
Phishing Campaign Exploited Proofpoint Email Protections for Spoofing
/in General NewsThreat actors have exploited Proofpoint’s email protection service to deliver millions of spoofed phishing emails.
The post Phishing Campaign Exploited Proofpoint Email Protections for Spoofing appeared first on SecurityWeek.
SecurityWeek – Read More
XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw
/in General NewsCybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild
/in General NewsCybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.
The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) –
&
The Hacker News – Read More
VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship
/in General NewsVPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover
/in General NewsAn attack flow that combines API flaws within “log in with” implementations and Web injection bugs could affect millions of websites.
darkreading – Read More
Report: Russian Ransomware Gangs Account for 69% of all Ransom Proceeds
/in General NewsAccording to an analysis by TRM Labs, Russian-speaking threat actors were responsible for over 69% of all ransomware-related cryptocurrency earnings in the past year, amounting to more than $500 million.
Cyware News – Latest Cyber News – Read More
Most people worry about deepfakes – and overestimate their ability to spot them
/in General NewsResearch shows voters around the world are nervous about political deepfakes, with some country’s citizens being far more concerned than others.
Latest news – Read More