BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
/in General NewsA China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.
Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.
CVE-2025-31324 refers to a critical SAP NetWeaver flaw
The Hacker News – Read More
US Customs and Border Protection Quietly Revokes Protections for Pregnant Women and Infants
/in General NewsCBP’s acting commissioner has rescinded four Biden-era policies that aimed to protect vulnerable people in the agency’s custody, including mothers, infants, and the elderly.
Security Latest – Read More
A timeline of South Korean telco giant SKT’s data breach
/in General NewsIn April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users […]
Security News | TechCrunch – Read More
From Complexity to Clarity: The Blueprint for Scalable Workflow Automation
/in General NewsCloud-native applications offer scalable, automated workflows, intelligent data processing, and seamless deployments. However, many organizations still struggle to…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SonicWall Issues Patch for Exploit Chain in SMA Devices
/in General NewsThree vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
darkreading – Read More
Email-Based Attacks Top Cyber-Insurance Claims
/in General NewsCyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.
darkreading – Read More
PowerSchool Paid Ransom, Now Hackers Target Teachers for More
/in General NewsPowerSchool paid ransom after a major data breach; now hackers are targeting teachers and schools with direct extortion…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Alibaba’s ‘ZeroSearch’ lets AI learn to google itself — slashing training costs by 88 percent
/in General NewsAlibaba’s ZeroSearch trains large language models to beat Google Search and slash API costs by 88%, redefining how AI learns to retrieve information.Read More
Security News | VentureBeat – Read More
PowerSchool paid a hacker’s ransom, but now schools say they are being extorted
/in General NewsSchools in Toronto and North Carolina are reporting extortion attempts.
Security News | TechCrunch – Read More
Toronto school district says data not deleted after ransom was paid to hacker
/in General NewsAfter paying the hacker a ransom, PowerSchool previously said it believed the incident had been “contained” because the hacker turned over a video showing the data being deleted.
The Record from Recorded Future News – Read More