BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets
/in General NewsU.S. prosecutors charged four foreign nationals and said a law enforcement operation seized internet domains associated with two powerful botnets.
The Record from Recorded Future News – Read More
Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades
/in General NewsJapanese finance regulators said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers.
The Record from Recorded Future News – Read More
FBI and Dutch police seize and shut down botnet of hacked routers
/in General NewsU.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices.
Security News | TechCrunch – Read More
US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
/in General NewsA CBP spokesperson tells WIRED that the agency plans to expand its program for real-time face recognition at the border, potentially aiding Trump administration efforts to track people who self-deport.
Security Latest – Read More
Commvault: Vulnerability Patch Works as Intended
/in General NewsThe security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.
darkreading – Read More
Insight Partners Data Breach: Bigger Impact Than Anticipated
/in General NewsThe investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light.
darkreading – Read More
OpenAI’s $3B Windsurf move: the real reason behind its enterprise AI agent code push
/in General NewsOpenAI’s $3B Windsurf buy puts it on defense as Google & Anthropic surge in AI-powered coding—discover the stakes for agentic development and enterprise teams.Read More
Security News | VentureBeat – Read More
Phishing Attack Uses Blob URIs to Show Fake Login Pages in Your Browser
/in General NewsCofense Intelligence reveals a novel phishing technique using blob URIs to create local fake login pages, bypassing email…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
/in General NewsSupply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
/in General NewsNoteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak.
The post In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak appeared first on SecurityWeek.
SecurityWeek – Read More