BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
US Sanctions Myanmar Militia Involved in Cyber Scams
/in General NewsThe US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.
The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
/in General NewsPolish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
/in General NewsAustin, USA / Texas, 7th May 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
/in General NewsCISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
/in General NewsMeta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.
The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek.
SecurityWeek – Read More
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
/in General NewsCybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is
The Hacker News – Read More
AppSignal Raises $22 Million for Application Monitoring Solution
/in General NewsApplication performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners.
The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek.
SecurityWeek – Read More
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
/in General NewsThreat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States.
The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
The Hacker News – Read More
Ox Security lands a fresh $60M to scan for vulnerabilities in code
/in General NewsAs “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh round of funding. Ox Security, which models risk across both AI- and human-produced code, on Wednesday announced that it closed a $60 million […]
Security News | TechCrunch – Read More
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
/in General NewsAt least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More