BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
/in General NewsIreland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China.
“TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in a statement. ”
The Hacker News – Read More
Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures
/in General NewsThe US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations.
The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.
SecurityWeek – Read More
Harrods becomes latest retailer to announce attempted cyberattack
/in General NewsLondon retailer Harrods said it had “recently experienced attempts to gain unauthorised access to some of our systems” but its security team “immediately took proactive steps to keep systems safe.”
The Record from Recorded Future News – Read More
How to Automate CVE and Vulnerability Advisory Response with Tines
/in General NewsRun by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition.
A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike
The Hacker News – Read More
Nova Scotia Power Says Hackers Stole Customer Information
/in General NewsNova Scotia Power’s investigation has shown that the recent cyberattack resulted in the theft of some customer information.
The post Nova Scotia Power Says Hackers Stole Customer Information appeared first on SecurityWeek.
SecurityWeek – Read More
UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks
/in General NewsMajor UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks.
The post UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks appeared first on SecurityWeek.
SecurityWeek – Read More
200+ Fake Retail Sites Used in New Wave of Subscription Scams
/in General NewsBitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
RSA Conference 2025 Announcement Summary (Day 3)
/in General NewsHundreds of companies showcased their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 Announcement Summary (Day 3) appeared first on SecurityWeek.
SecurityWeek – Read More
Ukrainian Nefilim Ransomware Affiliate Extradited to US
/in General NewsUkrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses.
The post Ukrainian Nefilim Ransomware Affiliate Extradited to US appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
/in General NewsA year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default.
“Brand new Microsoft accounts will now be ‘passwordless by default,'” Microsoft’s Joy Chik and Vasu Jakkal said. “New users will have several passwordless options for
The Hacker News – Read More