BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
/in General NewsThe Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
“While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
The Hacker News – Read More
Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia
/in General NewsKaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cozy Bear’s Wine Lure Drops WineLoader Malware on EU Diplomats
/in General NewsMidnight Blizzard (APT29/Cozy Bear) targets European embassies and Ministries of Foreign Affairs with sophisticated phishing emails disguised as…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
/in General NewsCybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
The Hacker News – Read More
Florida Man Enters the Encryption Wars
/in General NewsPlus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.
Security Latest – Read More
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
/in General NewsASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
“An improper authentication control vulnerability exists in certain ASUS router firmware series,”
The Hacker News – Read More
Identity as the new perimeter: National Oilwell Varco’s approach to stopping the 79% of attacks that are malware-free
/in General NewsNOV’s CIO led a cyber strategy fusing Zero Trust, AI, and airtight identity controls to cut threats by 35x and eliminating reimaging.Read More
Security News | VentureBeat – Read More
Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved
/in General NewsPost Content
darkreading – Read More
Could Ransomware Survive Without Cryptocurrency?
/in General NewsThreat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene.
darkreading – Read More
AWWA Supports Introduction of Collaborative Cybersecurity Legislation
/in General NewsPost Content
darkreading – Read More