BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
/in General NewsNext-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.
darkreading – Read More
Canadian hacker arrested for allegedly stealing data from Texas Republican Party
/in General NewsThe prominent hacker Aubrey Cottle is accused of hacking into a third-party hosting company for the websites for the Texas Republican Party and the Texas Right to Life anti-abortion group.
The Record from Recorded Future News – Read More
DoJ Seizes Over $8M from Sprawling Pig Butchering Scheme
/in General NewsThe department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms.
darkreading – Read More
Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes
/in General NewsXiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school’s website were wiped ahead of recent FBI raids.
Security Latest – Read More
Runway Gen-4 solves AI video’s biggest problem: character consistency across scenes
/in General NewsRunway’s new Gen-4 AI creates consistent characters across entire videos from a single reference image, challenging OpenAI’s viral Ghibli trend and potentially transforming how Hollywood makes films.Read More
Security News | VentureBeat – Read More
Oracle under fire for its handling of separate security incidents
/in General NewsOracle has denied at least one breach, despite evidence to the contrary, as it begins notifying healthcare customers of a separate patient data breach.
Security News | TechCrunch – Read More
CISA Warns of Resurge Malware Connected to Ivanti Vuln
/in General NewsThreat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.
darkreading – Read More
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
/in General NewsThe threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.
The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.
“The threat actor deploys payloads primarily by means of
The Hacker News – Read More
API testing firm APIsec exposed customer data during security lapse
/in General NewsThe API testing firm took down a database exposed to the internet without a password.
Security News | TechCrunch – Read More
Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program
/in General NewsA strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost.
The post Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program appeared first on SecurityWeek.
SecurityWeek – Read More