BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
CrowdStrike Outage Renews Supply Chain Concerns, Federal Officials Say
/in General NewsFederal officials have raised concerns about the software supply chain and memory safety vulnerabilities following a global IT outage caused by a faulty CrowdStrike software update.
Cyware News – Latest Cyber News – Read More
Evasive Panda Compromises ISP to Distribute Malicious Software Updates
/in General NewsThe group used DNS poisoning to redirect software update queries to attacker-controlled servers, infecting victims with malware. Volexity detected one attack in Hong Kong, which ceased when the ISP took action.
Cyware News – Latest Cyber News – Read More
Surge in Magniber Ransomware Attacks Impact Home Users Worldwide
/in General NewsUnlike other ransomware groups targeting businesses, Magniber focuses on individuals. Victims report their devices getting infected after running software cracks. Ransom demands start at $1,000 and escalate to $5,000 if not paid within three days.
Cyware News – Latest Cyber News – Read More
332 Million Email Addresses Scraped from SOCRadar.io Published Online
/in General NewsA hacker known as USDoD claims to have scraped 332 million email addresses from SOCRadar.io, which were later…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
White House Officials Meet with Allies, Industry on Connected Car Risks
/in General NewsRepresentatives from various countries and the European Union participated in the meeting, addressing cybersecurity and data risks in connected vehicles. The meeting highlighted the importance of connected cars as a critical part of infrastructure.
Cyware News – Latest Cyber News – Read More
Linux Kernel Impacted by New SLUBStick Cross-Cache Attack
/in General NewsA new Linux Kernel attack called SLUBStick has a 99% success rate in turning a limited heap vulnerability into a powerful memory read-and-write capability, allowing for privilege escalation and container escape.
Cyware News – Latest Cyber News – Read More
Apple Unveils Homomorphic Encryption Package for Secure Cloud Computing
/in General NewsApple’s open-source “swift-homomorphic-encryption” package revolutionizes privacy in cloud computing. It allows computations on encrypted data without decryption, safeguarding…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
/in General NewsCybersecurity researchers have uncovered design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings.
Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run
The Hacker News – Read More
Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks
/in General NewsOrganizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master).
“The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data,” cybersecurity vendor BI.ZONE said in a new analysis.
The cyber attacks employ
The Hacker News – Read More
Mozilla Follows Google in Distrusting Entrust’s TLS Certificates
/in General NewsMozilla has joined Google in no longer trusting Entrust as a root certificate authority due to compliance failures and inadequate responses. Google was the first to make this decision, citing concerning behaviors from Entrust.
Cyware News – Latest Cyber News – Read More