BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Australia Enforces Ransomware Payment Reporting
/in General NewsCovered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days.
The post Australia Enforces Ransomware Payment Reporting appeared first on SecurityWeek.
SecurityWeek – Read More
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
/in General NewsA growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s contacts list.
“Recent
The Hacker News – Read More
Google Researchers Find New Chrome Zero-Day
/in General NewsReported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.
The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names
/in General NewsMicrosoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute.
The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
/in General NewsMicrosoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
“By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice president at Microsoft
The Hacker News – Read More
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
/in General NewsGoogle has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”
The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.
The update will affect all Transport Layer Security (TLS)
The Hacker News – Read More
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
/in General NewsGoogle on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
“Out of bounds read and write in V8 in Google
The Hacker News – Read More
EMR-ISAC Shuts Down: What Happens Now?
/in General NewsThe Emergency Management and Response – Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.
darkreading – Read More
Exploitation Risk Grows for Critical Cisco Bug
/in General NewsNew details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.
darkreading – Read More
Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
/in General NewsLuxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information.
The post Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed appeared first on SecurityWeek.
SecurityWeek – Read More