BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
US indicts Yemeni man in Black Kingdom ransomware attacks
/in General NewsThe U.S. Attorney’s Office for the Central District of California announced charges against Rami Khaled Ahmed for allegedly helping to develop and deploy Black Kingdom, which infected “approximately 1,500 computer systems.”
The Record from Recorded Future News – Read More
Mike Waltz Has Somehow Gotten Even Worse at Using Signal
/in General NewsA photo taken this week showed Mike Waltz using an app that looks like—but is not—Signal to communicate with top officials. “I don’t even know where to start with this,” says one expert.
Security Latest – Read More
Police Seize Dark Web Shop Pygmalion, Access User Data from 7K Orders
/in General NewsGerman police seized the dark web shop Pygmalion, gaining access to customer data linked to over 7,000 drug…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Dating app Raw exposed users’ location data and personal information
/in General NewsThe app claims it uses end-to-end encryption, but spilled its users’ dating preferences and granular location data to the open web.
Security News | TechCrunch – Read More
Attackers Ramp Up Efforts Targeting Developer Secrets
/in General NewsSoftware teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.
darkreading – Read More
UK Luxury Retailer Harrods Hit by Cyber Attack After M&S, Co-op
/in General NewsLuxury retailer Harrods confirms a cyber attack attempt, restricting internet access but keeping its online store running. Learn…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Despite Arrests, Scattered Spider Continues High-Profile Hacking
/in General NewsWhile law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.
darkreading – Read More
Cut CISA and Everyone Pays for It
/in General NewsGutting CISA won’t just lose us a partner. It will lose us momentum. And in this game, that’s when things break.
darkreading – Read More
Ransomware attacks on food and agriculture industry have doubled in 2025
/in General NewsThe uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.
The Record from Recorded Future News – Read More
US wants to cut off key player in Southeast Asian cybercrime industry
/in General NewsThe Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia.
The Record from Recorded Future News – Read More