BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Google says hackers behind UK retail cyber campaign now also targeting US
/in General News“US retailers should take note” of recent cyberattacks on British companies, according to Google’s Threat Intelligence Group, as the financially motivated collective known as Scattered Spider appears to be connected.
The Record from Recorded Future News – Read More
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
/in General NewsAt least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug.
Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware
The Hacker News – Read More
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
/in General NewsSamsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw.
“Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
The Hacker News – Read More
North Korean Hackers Stole $88M by Posing as US Tech Workers
/in General NewsFlashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cybersecurity incident forces largest US steelmaker to take some operations offline
/in General NewsIn an 8-K filing with federal regulators, Nucor said the incident involved “unauthorized third party access to certain information technology systems” but did not explain further.
The Record from Recorded Future News – Read More
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
/in General NewsRussell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans’ sensitive personal data.
Security Latest – Read More
British retailer M&S reportedly set to claim £100 million from insurers after cyberattack
/in General NewsA cyberattack first detected over Easter weekend has reportedly already cost Marks & Spencer more than £60 million.
The Record from Recorded Future News – Read More
Is AI Use in the Workplace Out of Control?
/in General NewsTrying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.
The post Is AI Use in the Workplace Out of Control? appeared first on SecurityWeek.
SecurityWeek – Read More
Marks & Spencer Confirms Customer Data Stolen in Cyberattack
/in General NewsThe British retailer said no account passwords were compromised in last month’s cyberattack, but the company will require customers to reset passwords “for extra peace of mind.”
darkreading – Read More
Meet AlphaEvolve, the Google AI that writes its own code—and just saved millions in computing costs
/in General NewsGoogle DeepMind’s AlphaEvolve AI system breaks a 56-year-old mathematical record by discovering a more efficient matrix multiplication algorithm that had eluded human mathematicians since Strassen’s 1969 breakthrough.Read More
Security News | VentureBeat – Read More