BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Hackers target Taiwan with malware delivered via fake messaging apps
/in General NewsHackers have been targeting users in Taiwan with PJobRAT malware delivered through malicious instant messaging apps, according to new research.
The Record from Recorded Future News – Read More
Microsoft’s passwordless future is here for Outlook, Xbox, 365, and more
/in General NewsMicrosoft’s new sign-in screens push you to finally ditch passwords – here’s how.
Latest stories for ZDNET in Security – Read More
9-Year-Old NPM Crypto Package Hijacked for Information Theft
/in General NewsNearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
/in General NewsAnalysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome
/in General NewsThe bug fix comes days after Google fixed a similar vulnerability under attack in its Chrome browser.
Security News | TechCrunch – Read More
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
/in General NewsNoteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.
The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
/in General NewsThe phishing campaign is highly sophisticated!
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
New Issuance Requirements Improve HTTPS Certificate Validation
/in General NewsHTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation.
The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.
SecurityWeek – Read More
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe
/in General NewsThe Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.
SecurityWeek – Read More
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
/in General NewsLong gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
The Hacker News – Read More