BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
Police Shut Down Fake Trading Platform That Scammed Hundreds
/in General NewsPolice in Europe have shut down a fake online trading platform that scammed hundreds of victims out of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws
/in General NewsTwo ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities.
The post Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
5 BCDR Essentials for Effective Ransomware Defense
/in General NewsRansomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive
The Hacker News – Read More
Canadian Electric Utility Lists Customer Information Stolen by Hackers
/in General NewsNova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack.
The post Canadian Electric Utility Lists Customer Information Stolen by Hackers appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’
/in General NewsGoogle has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.
The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek.
SecurityWeek – Read More
Australian Human Rights Commission Discloses Data Breach
/in General NewsThe Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed.
The post Australian Human Rights Commission Discloses Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
/in General NewsGoogle on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild.
The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader.
“Insufficient policy enforcement in Loader in Google
The Hacker News – Read More
Infosec Layoffs Aren’t the Bargain That Boards May Think
/in General NewsSalary savings come with hidden costs, including insider threats and depleted cybersecurity defenses, conveying advantages to skilled adversaries, experts argue.
darkreading – Read More
AI Agents May Have a Memory Problem
/in General NewsA new study by researchers at Princeton University and Sentient shows it’s surprisingly easy to trigger malicious behavior from AI agents by implanting fake “memories” into the data they rely on for making decisions.
darkreading – Read More
Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack
/in General NewsThe security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against “a very limited number of customers” — for now — and stem from open source libraries.
darkreading – Read More