BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
DOD cyber policy nominee vows to ‘revaluate’ offensive cyber guardrails
/in General NewsKatie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.
The Record from Recorded Future News – Read More
ClickFix Scam: How to Protect Your Business Against This Evolving Threat
/in General NewsCybercriminals aren’t always loud and obvious. Sometimes, they play it quiet and smart. One of the tricks of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Two Hacks, One Empire: The Cyber Assaults Disney Didn’t See Coming
/in General NewsDisney was hit by two major 2024 cyberattacks, an ex-employee’s sabotage and a hacker’s AI trap, exposing internal…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
/in General NewsThreat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks.
The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command
The Hacker News – Read More
Applying the OODA Loop to Solve the Shadow AI Problem
/in General NewsBy taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible.
The post Applying the OODA Loop to Solve the Shadow AI Problem appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation
/in General NewsThe vulnerabilities affect SonicWall’s SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.
darkreading – Read More
Addressing the Top Cyber-Risks in Higher Education
/in General NewsAs attacks accelerate, security leaders must act to gain visibility across their entire institution’s network and systems and continuously educate their users on best practices.
darkreading – Read More
New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
/in General NewsCybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).
The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox.
The attacks have been observed to lure victims with bogus
The Hacker News – Read More
How to securely attach an Apple AirTag to pretty much anything
/in General NewsThe UFO-like design of AirTags makes them a pain to attach to things. But I found a solution that makes the best finder tags available much easier to use.
Latest stories for ZDNET in Security – Read More
Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise
/in General NewsThreat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.
SecurityWeek – Read More