BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
CloudSEK Raises $19 Million for Threat Intelligence Platform
/in General NewsThreat protection and intelligence firm CloudSEK raises $19 million in funding from new and existing investors.
The post CloudSEK Raises $19 Million for Threat Intelligence Platform appeared first on SecurityWeek.
SecurityWeek – Read More
O2 Service Vulnerability Exposed User Location
/in General NewsA vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
The post O2 Service Vulnerability Exposed User Location appeared first on SecurityWeek.
SecurityWeek – Read More
New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada
/in General NewsNitrogen, a ransomware strain, has emerged as a major threat to organizations worldwide, with a particular focus on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
/in General NewsCybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.
The malicious activity has been codenamed RedisRaider by Datadog Security Labs.
“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,”
The Hacker News – Read More
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
/in General NewsCybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.
All three packages are no longer available on PyPI. The names of the Python packages are below –
checker-SaGaF (2,605 downloads)
steinlurks (1,049 downloads)
sinnercore (3,300 downloads)
The Hacker News – Read More
‘Operation RoundPress’ Targets Ukraine in XSS Webmail Attacks
/in General NewsA cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.
darkreading – Read More
Serviceaide Leak Exposes Records of 500,000 Catholic Health Patients
/in General NewsServiceaide data leak exposes sensitive health info of 500K Catholic Health patients due to misconfigured database; risk of ID theft and fraud.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Trump Signs Controversial Law Targeting Nonconsensual Sexual Content
/in General NewsThe Take It Down Act requires platforms to remove instances of “intimate visual depiction” within two days. Free speech advocates warn it could be weaponized to fuel censorship.
Security Latest – Read More
BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software
/in General NewsSan Francisco incident response coordination startup banks $15 million in a Series A funding round led by Ballistic Ventures.
The post BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft just launched an AI that discovered a new chemical in 200 hours instead of years
/in General NewsMicrosoft launches Discovery platform that uses agentic AI to compress years of scientific research into days, transforming R&D across pharmaceuticals, materials science, and semiconductor industries.Read More
Security News | VentureBeat – Read More