BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Attackers Ramp Up Efforts Targeting Developer Secrets
/in General NewsSoftware teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.
darkreading – Read More
UK Luxury Retailer Harrods Hit by Cyber Attack After M&S, Co-op
/in General NewsLuxury retailer Harrods confirms a cyber attack attempt, restricting internet access but keeping its online store running. Learn…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Despite Arrests, Scattered Spider Continues High-Profile Hacking
/in General NewsWhile law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.
darkreading – Read More
Cut CISA and Everyone Pays for It
/in General NewsGutting CISA won’t just lose us a partner. It will lose us momentum. And in this game, that’s when things break.
darkreading – Read More
Ransomware attacks on food and agriculture industry have doubled in 2025
/in General NewsThe uptick began in the fourth quarter of 2024 and continued into 2025, with the increases largely attributed to Clop’s exploitation of a popular file sharing service.
The Record from Recorded Future News – Read More
US wants to cut off key player in Southeast Asian cybercrime industry
/in General NewsThe Treasury Department issued the proposed rulemaking Thursday, stating that Huione Group has helped launder funds from North Korean state-backed cybercrime operations and investment scams originating in Southeast Asia.
The Record from Recorded Future News – Read More
In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down
/in General NewsNoteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police.
The post In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down appeared first on SecurityWeek.
SecurityWeek – Read More
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
/in General NewsIreland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China.
“TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in a statement. ”
The Hacker News – Read More
Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures
/in General NewsThe US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations.
The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.
SecurityWeek – Read More
Harrods becomes latest retailer to announce attempted cyberattack
/in General NewsLondon retailer Harrods said it had “recently experienced attempts to gain unauthorised access to some of our systems” but its security team “immediately took proactive steps to keep systems safe.”
The Record from Recorded Future News – Read More