BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Cybersecurity M&A Roundup: 31 Deals Announced in April 2025
/in General NewsThirty-one cybersecurity merger and acquisition (M&A) deals were announced in April 2025.
The post Cybersecurity M&A Roundup: 31 Deals Announced in April 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules
/in General NewsEU privacy watchdog fined TikTok $600 million after a four-year investigation found that data transfers to China put users at risk of spying, in breach of strict EU data privacy rules.
The post TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules appeared first on SecurityWeek.
SecurityWeek – Read More
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
/in General NewsThe threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal.
“TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information,” Recorded Future Insikt Group said. “TerraLogger, by contrast
The Hacker News – Read More
watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices
/in General NewswatchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities
/in General NewsOligo Security uncovers “AirBorne,” a set of 23 vulnerabilities in Apple AirPlay affecting billions of devices. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
/in General NewsCybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable.
The names of the packages are listed below –
github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
“Despite appearing legitimate,
The Hacker News – Read More
Phishing Emails Impersonating Qantas Target Credit Card Info
/in General NewsFake Qantas emails in a sophisticated phishing scam steal credit card and personal info from Australians, bypassing major…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
How Riot Games is fighting the war against video game hackers
/in General NewsRiot’s “anti-cheat artisan” Phillip Koskinas explains how he and his team go after cheaters and cheat developers to protect the integrity of games, such as Valorant and League of Legends.
Security News | TechCrunch – Read More
Hacking Spree Hits UK Retail Giants
/in General NewsPlus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.
Security Latest – Read More
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
/in General NewsAn Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.
The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future
The Hacker News – Read More