BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
/in General NewsThe US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations.
The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
/in General NewsCybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan.
The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.
The Hacker News – Read More
Second OttoKit Vulnerability Exploited to Hack WordPress Sites
/in General NewsThreat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
SecurityWeek – Read More
41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise
/in General NewsThe NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise.
The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek.
SecurityWeek – Read More
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
/in General NewsA federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally.
WhatsApp originally filed the lawsuit against NSO Group in 2019,
The Hacker News – Read More
Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users
/in General NewsThe six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.
The Record from Recorded Future News – Read More
Researcher Says Patched Commvault Bug Still Exploitable
/in General NewsCISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.
darkreading – Read More
Fake SSA Emails Trick Users into Installing ScreenConnect RAT
/in General NewsCybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
AWS report: Generative AI overtakes security in global tech budgets for 2025
/in General NewsNew AWS report reveals 45% of global IT leaders now prioritize generative AI over cybersecurity in 2025 tech budgets as companies race to hire AI talent and implement AI strategies despite persistent skills shortages.Read More
Security News | VentureBeat – Read More
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats
/in General NewsA new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.
Security Latest – Read More