BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
23andMe bankruptcy draws investigation from House panel over data concerns
/in General NewsA House committee launched an investigation into the privacy and security risks associated with the bankruptcy of genetic testing company 23andMe and has asked its former CEO to testify at a hearing planned for early May.
The Record from Recorded Future News – Read More
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
/in General NewsThe business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Kidney Dialysis Services Provider DaVita Hit by Ransomware
/in General NewsDaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands.
The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
China-Backed Threat Actor ‘UNC5174’ Using Open Source Tools in Stealthy Attacks
/in General NewsSysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.
darkreading – Read More
UK Software Firm Exposed 1.1TB of Healthcare Worker Records
/in General News8M UK healthcare worker records, including IDs and financial data, exposed due to a misconfigured staff management database…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Are We Prioritizing the Wrong Security Metrics?
/in General NewsTrue security isn’t about meeting deadlines — it’s about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.
darkreading – Read More
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
/in General NewsEverybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations.
LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge
The Hacker News – Read More
New “Slopsquatting” Threat Emerges from AI-Generated Code Hallucinations
/in General NewsAI code tools often hallucinate fake packages, creating a new threat called slopsquatting that attackers can exploit in…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
/in General NewsPartisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications.
The post Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats appeared first on SecurityWeek.
SecurityWeek – Read More
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
/in General NewsThe funding round brings the total amount raised by the NetRise to roughly $25 million.
The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More