BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Qantas Airlines Breached, Impacting 6M Customers
/in General NewsPassengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info.
darkreading – Read More
US Treasury Sanctions BPH Provider Aeza Group
/in General NewsIn the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.
darkreading – Read More
Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing
/in General NewsA Russian APT known as “Gamaredon” is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.
darkreading – Read More
Initial Access Broker Self-Patches Zero Days as Turf Control
/in General NewsA likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.
darkreading – Read More
Phishers built fake Okta and Microsoft 365 login sites with AI – here’s how to protect yourself
/in General NewsOkta researchers found hackers could make a phishing site with AI in just 30 seconds. Here’s how to protect your business.
Latest stories for ZDNET in Security – Read More
India’s Max Financial says hacker accessed customer data from its insurance unit
/in General NewsThe insurance giant is one of the largest insurers in India.
Security News | TechCrunch – Read More
China-linked hackers spoof big-name brand websites to steal shoppers’ payment info
/in General NewsThe campaign uses thousands of phishing websites that mimic the design and product listings of retailers like Apple, Nordstrom and Hermes to trick people into entering their credit card information.
The Record from Recorded Future News – Read More
A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now
/in General NewsThe Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.
Security Latest – Read More
ClickFix Spin-off Attack Bypasses Key Browser Safeguards
/in General NewsA new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.
darkreading – Read More
Qantas Confirms Major Data Breach Linked to Third-Party Vendor
/in General NewsQantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More