BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
KeePass Review (2025): Features, Pricing, and Security
/in General NewsWhile its downloadable plugins make it highly customizable, KeePass’ unintuitive interface holds it back from one of our top password manager picks.
Security | TechRepublic – Read More
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
/in General NewsIntroduction
As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices.
For service providers, adhering to NIST
The Hacker News – Read More
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
/in General NewsNorth Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem.
The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Questions Remain Over Attacks Causing DrayTek Router Reboots
/in General NewsDrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered.
The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.
SecurityWeek – Read More
Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users
/in General NewsGmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox.
The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
/in General NewsChrome 135 and Firefox 137 were released on Tuesday with fixes for several high-severity memory safety vulnerabilities.
The post Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
/in General NewsThe financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems.
“This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine,” Swiss
The Hacker News – Read More
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
/in General NewsCybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems.
“Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls),” Zscaler ThreatLabz researcher Muhammed Irfan V A said in
The Hacker News – Read More
Malaysian Airport’s Cyber Disruption a Warning for Asia
/in General NewsTransportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable to agile cyberattackers, as demonstrated by the $10 million ransomware attack.
darkreading – Read More
Google Brings End-to-End Encryption to Gmail
/in General NewsThe new Google Workspace features will make it easier for enterprise customers to implement end-to-end encryption within Gmail.
darkreading – Read More