BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
/in General NewsMozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“Following the recent Chrome sandbox escape (
The Hacker News – Read More
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
/in General NewsThe Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
darkreading – Read More
Fake Snow White Movie Torrent Infects Devices with Malware
/in General NewsDisney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public
/in General NewsWIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Security Latest – Read More
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
/in General NewsThe artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
darkreading – Read More
How CISA Cuts Impact Election Security
/in General NewsState and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
darkreading – Read More
Hoff’s Rule: People First
/in General NewsDark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
darkreading – Read More
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
/in General NewsMicrosoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks.
Security | TechRepublic – Read More
SignalGate Is Driving the Most US Downloads of Signal Ever
/in General NewsScandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”
Security Latest – Read More
Splunk Patches Dozens of Vulnerabilities
/in General NewsSplunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More