BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
AI Agents May Have a Memory Problem
/in General NewsA new study by researchers at Princeton University and Sentient shows it’s surprisingly easy to trigger malicious behavior from AI agents by implanting fake “memories” into the data they rely on for making decisions.
darkreading – Read More
Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack
/in General NewsThe security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against “a very limited number of customers” — for now — and stem from open source libraries.
darkreading – Read More
Nova Scotia Power says customer banking details may have been stolen by hackers
/in General NewsAn network intrusion at Nova Scotia Power in March led to a breach of sensitive customer data, the Canadian utility said in an update about the incident.
The Record from Recorded Future News – Read More
The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge
/in General NewsFollowing a WIRED inquiry, Telegram banned thousands of accounts used for crypto scam money laundering, including those of Haowang Guarantee, a black market that enabled over $27 billion in transactions.
Security Latest – Read More
Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
/in General NewsGoogle bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants.
The post Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware appeared first on SecurityWeek.
SecurityWeek – Read More
RaaS Explained: How Cybercriminals Are Scaling Attacks Like Startups
/in General NewsThere is a lot of money in cyberattacks like ransomware, and unfortunately for organizations of all sizes, the…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
White House scraps plan to block data brokers from selling Americans’ sensitive data
/in General NewsThe decision to reverse course comes after an industry lobby group called for the rule change to be withdrawn.
Security News | TechCrunch – Read More
Google says hackers behind UK retail cyber campaign now also targeting US
/in General News“US retailers should take note” of recent cyberattacks on British companies, according to Google’s Threat Intelligence Group, as the financially motivated collective known as Scattered Spider appears to be connected.
The Record from Recorded Future News – Read More
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
/in General NewsAt least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug.
Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware
The Hacker News – Read More
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
/in General NewsSamsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.
“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
The Hacker News – Read More