BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Researcher Says Patched Commvault Bug Still Exploitable
/in General NewsCISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.
darkreading – Read More
Fake SSA Emails Trick Users into Installing ScreenConnect RAT
/in General NewsCybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
AWS report: Generative AI overtakes security in global tech budgets for 2025
/in General NewsNew AWS report reveals 45% of global IT leaders now prioritize generative AI over cybersecurity in 2025 tech budgets as companies race to hire AI talent and implement AI strategies despite persistent skills shortages.Read More
Security News | VentureBeat – Read More
The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats
/in General NewsA new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.
Security Latest – Read More
‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching
/in General NewsThe vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.
darkreading – Read More
Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years
/in General NewsNow the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.
Security Latest – Read More
DOD cyber policy nominee vows to ‘revaluate’ offensive cyber guardrails
/in General NewsKatie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.
The Record from Recorded Future News – Read More
ClickFix Scam: How to Protect Your Business Against This Evolving Threat
/in General NewsCybercriminals aren’t always loud and obvious. Sometimes, they play it quiet and smart. One of the tricks of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Two Hacks, One Empire: The Cyber Assaults Disney Didn’t See Coming
/in General NewsDisney was hit by two major 2024 cyberattacks, an ex-employee’s sabotage and a hacker’s AI trap, exposing internal…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
/in General NewsThreat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks.
The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command
The Hacker News – Read More