BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan
/in General NewsPakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S.
“The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS,” Resecurity said in a report published earlier this week. “The goal is
The Hacker News – Read More
Ukrainian Sailors Are Using Telegram to Avoid Being Tricked Into Smuggling Oil for Russia
/in General NewsContract seafarers in Ukraine are turning to online whisper networks to keep themselves from being hired into Russia’s sanctions-busting shadow fleet.
Security Latest – Read More
Ransomware Attacks Are Getting Worse
/in General NewsPlus: US lawmakers have nothing to say about an Israeli influence campaign aimed at US voters, a former LA Dodgers owner wants to fix the internet, and more.
Security Latest – Read More
Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks
/in General NewsA suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024.
Cybersecurity company Volexity is tracking the activity under the moniker UTA0137, noting the adversary’s exclusive use of a malware called DISGOMOJI that’s written in Golang and is designed to infect Linux systems.
“It is a modified version of the public project
The Hacker News – Read More
Meta Halts AI Training on EU User Data Amid Privacy Concerns
/in General NewsMeta on Friday said it’s delaying its efforts to train the company’s large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC).
The company expressed disappointment at having to put its AI plans on pause, stating it had taken into account feedback from regulators and
The Hacker News – Read More
Vermont Governor Vetoes Data Privacy Bill, Saying State Would be Most Hostile to Businesses
/in General NewsRepublican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”
The post Vermont Governor Vetoes Data Privacy Bill, Saying State Would be Most Hostile to Businesses appeared first on SecurityWeek.
SecurityWeek – Read More
Nvidia’s ‘Nemotron-4 340B’ model redefines synthetic data generation, rivals GPT-4
/in General NewsNvidia’s Nemotron-4 340B revolutionizes synthetic data generation for training large language models, empowering businesses across industries to create powerful, domain-specific LLMs.Read More
Security News | VentureBeat – Read More
‘Sleepy Pickle’ Exploit Subtly Poisons ML Models
/in General NewsA model can be perfectly innocent, yet still dangerous if the means by which it’s packed and unpacked are tainted.
darkreading – Read More
Apple Intelligence Could Introduce Device Security Risks
/in General NewsThe company focused heavily on data and system security in the announcement of its generative AI platform, Apple Intelligence, but experts worry that companies will have little visibility into data security.
darkreading – Read More
Panera Notifies Employees of Compromised Data
/in General NewsThough the company is informing affected individuals of a breach, it’s keeping the nature and scope of the cybersecurity incident that led to it under wraps.
darkreading – Read More