BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
SAP Zero-Day Targeted Since January, Many Sectors Impacted
/in General NewsHundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
The post SAP Zero-Day Targeted Since January, Many Sectors Impacted appeared first on SecurityWeek.
SecurityWeek – Read More
Valuable Information Leaked in LockBit Ransomware Hack
/in General NewsPrivate messages, Bitcoin addresses, victim data, and attacker information were leaked after someone hacked a LockBit admin panel.
The post Valuable Information Leaked in LockBit Ransomware Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
/in General NewsGoogle on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.
The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.
“The on-device approach provides instant insight on risky websites and allows us to offer
The Hacker News – Read More
Your password manager is under attack, and this new threat makes it worse: How to defend yourself
/in General NewsHeard of polymorphic browser extensions yet? You will. These savage imposters threaten the very future of credential management. Here’s what you need to know – and do.
Latest stories for ZDNET in Security – Read More
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
/in General NewsA China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.
Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.
CVE-2025-31324 refers to a critical SAP NetWeaver flaw
The Hacker News – Read More
US Customs and Border Protection Quietly Revokes Protections for Pregnant Women and Infants
/in General NewsCBP’s acting commissioner has rescinded four Biden-era policies that aimed to protect vulnerable people in the agency’s custody, including mothers, infants, and the elderly.
Security Latest – Read More
A timeline of South Korean telco giant SKT’s data breach
/in General NewsIn April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users […]
Security News | TechCrunch – Read More
From Complexity to Clarity: The Blueprint for Scalable Workflow Automation
/in General NewsCloud-native applications offer scalable, automated workflows, intelligent data processing, and seamless deployments. However, many organizations still struggle to…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
SonicWall Issues Patch for Exploit Chain in SMA Devices
/in General NewsThree vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
darkreading – Read More
Email-Based Attacks Top Cyber-Insurance Claims
/in General NewsCyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.
darkreading – Read More