BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
/in General NewsAustrian privacy non-profit noyb (none of your business) has sent Meta’s Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users’ data for training its artificial intelligence (AI) models without an explicit opt-in.
The move comes weeks after the social media behemoth announced its plans to train its AI models
The Hacker News – Read More
Google Algorithm Slashes Reddit Traffic: What It Means for UGC Platforms
/in General NewsReddit Struggles After Google’s New Focus on Expertise
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks
/in General NewsAs threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don’t fall victim next.
darkreading – Read More
Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
/in General NewsA new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
/in General NewsCoinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.
The post Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data appeared first on SecurityWeek.
SecurityWeek – Read More
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
/in General NewsCryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers.
“Criminals targeted our customer support agents overseas,” the company said in a statement. “They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly
The Hacker News – Read More
Kremlin-linked hackers target webmail servers of Eastern European government agencies
/in General NewsRussia-linked hackers known as APT28 mainly targeted entities in Ukraine, Bulgaria and Romania, but governments in Africa, South America and other parts of Europe were also affected.
The Record from Recorded Future News – Read More
FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates
/in General NewsFrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
RealDefense Partner Program Surpasses $100M in Annual Revenue
/in General NewsPost Content
darkreading – Read More
RSAC 2025: AI Everywhere, Trust Nowhere
/in General NewsWe’re at an inflection point. AI is changing the game, but the rules haven’t caught up.
darkreading – Read More