BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Government email alert system GovDelivery used to send scam messages
/in General NewsThe state of Indiana attributed the scam emails to a compromised contractor’s account.
Security News | TechCrunch – Read More
DeepSeek, Deep Research Mean Deep Changes for AI Security
/in General NewsWhy securing the inference chain is now the top priority for AI applications and infrastructure.
darkreading – Read More
An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado
/in General NewsBefore a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address.
Security Latest – Read More
Alabama says ‘cybersecurity event’ could disrupt state government services
/in General NewsAlabama Governor Kay Ivey said the state is responding to a “cybersecurity event” that has prompted government IT staff to work “around-the-clock to identify and mitigate impacts.”
The Record from Recorded Future News – Read More
SAP Patches Another Critical NetWeaver Vulnerability
/in General NewsSAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability.
The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023
/in General NewsThe Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago.
The post Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 appeared first on SecurityWeek.
SecurityWeek – Read More
Building Effective Security Programs Requires Strategy, Patience, and Clear Vision
/in General NewsCapital One executives share insights on how organizations should design their security program, implement passwordless technologies, and reduce their attack surface.
darkreading – Read More
Marks & Spencer Says Data Stolen in Ransomware Attack
/in General NewsMarks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group.
The post Marks & Spencer Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Marks & Spencer confirms customer data stolen in cyberattack
/in General NewsM&S said that some customer data — but not payment card details or passwords — had been breached in a recent cyberattack.
The Record from Recorded Future News – Read More
North Korean hackers target Ukrainian government in new espionage campaign
/in General NewsThe latest wave of activity in Ukraine suggests that Pyongyang is seeking to “better understand the appetite to continue fighting against the Russian invasion” and “the medium-term outlook of the conflict,” according to the latest report by cybersecurity firm Proofpoint.
The Record from Recorded Future News – Read More