BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
/in General NewsPalo Alto, USA, 29th March 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
/in General NewsIn what’s an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
The Hacker News – Read More
Evilginx Tool (Still) Bypasses MFA
/in General NewsBased on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
darkreading – Read More
New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands
/in General NewsA recent analysis published by Infoblox reveals a sophisticated phishing operation, dubbed Morphing Meerkat, actively exploiting DNS vulnerabilities…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Oracle Still Denies Breach as Researchers Persist
/in General NewsEvidence suggests an attacker gained access to the company’s cloud infrastructure environment, but Oracle insists that didn’t happen.
darkreading – Read More
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market
/in General NewsPost Content
darkreading – Read More
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations
/in General NewsPost Content
darkreading – Read More
How to Implement CMMS Software in Your Organization
/in General NewsLet’s face it: Rolling out new software across an entire organization can feel like herding cats. Between data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Again and again, NSO Group’s customers keep getting their spyware operations caught
/in General NewsDespite the stealthy nature of spyware, security researchers keep detecting Pegasus spyware attacks in part because of sloppy ‘operational security.’
Security News | TechCrunch – Read More
Signal is in the news and for the wrong reasons, yet again
/in General News“The human is the weakest link in the security chain.” Recent events in Washington have demonstrated this principle cliche with painful clarity. This week, we’ve all witnessed yet another high-profile security breach involving Signal, the messaging app. A senior member of President Trump’s national security team added Jeffrey Goldberg, the editor-in-chief of The Atlantic, to a private Signal…
Source
techsplicer – Read More