BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
How Digital Executive Protection Shields Top Leaders from Modern Threats
/in General NewsCybersecurity threats have emerged so quickly that most companies struggle to keep up and executives are often the…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Android May Soon Warn You About Fake Cell Towers
/in General NewsPlus: Iran-linked hackers threaten to release Trump campaign emails, Chinese hackers still in US telecoms networks, and an abusive deepfake website plans an expansion.
Security Latest – Read More
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
/in General NewsTaiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal
The Hacker News – Read More
Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
/in General NewsThreat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts.
“The attacker used a modified version of XMRig with a hard-“coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” Wiz researchers Yaara Shriki and Gili
The Hacker News – Read More
NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
/in General NewsCybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China.
According to QiAnXin’s RedDrip Team, the threat actor has been active since 2023 and has switched network
The Hacker News – Read More
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
/in General NewsCisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed
/in General NewsNoteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.
The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.
SecurityWeek – Read More
Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
/in General NewsGenerative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak—and most teams don’t even realize it.
If you’re building, deploying, or managing AI systems, now is the time to ask: Are your AI agents exposing confidential data
The Hacker News – Read More
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies
/in General NewsRecorded Future News spoke to Estonia’s cyber ambassador-at-large on the sidelines of the Tallinn Cyber Diplomacy Summer School about the country’s efforts to secure its digital services.
The Record from Recorded Future News – Read More
Hunters International Ransomware Gang Rebrands as World Leaks
/in General NewsHunters International ransomware gang closes after 55 confirmed and 199 unconfirmed cyberattacks. Read about its rebrand to World…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More