BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Morphing Meerkat Phishing Kits Target Over 100 Brands
/in General NewsA threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.
The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.
SecurityWeek – Read More
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
/in General NewsFirefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.
SecurityWeek – Read More
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
/in General NewsAn Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
“PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices,” Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first
The Hacker News – Read More
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
/in General NewsCybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
“Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers,” Sonatype researcher Ax Sharma said. “However, […] the latest
The Hacker News – Read More
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
/in General NewsMozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
“Following the recent Chrome sandbox escape (
The Hacker News – Read More
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
/in General NewsThe Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
darkreading – Read More
Fake Snow White Movie Torrent Infects Devices with Malware
/in General NewsDisney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public
/in General NewsWIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Security Latest – Read More
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
/in General NewsThe artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
darkreading – Read More
How CISA Cuts Impact Election Security
/in General NewsState and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
darkreading – Read More