BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp
/in General NewsCheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
/in General NewsA threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
darkreading – Read More
Hertz says customers’ personal data and driver’s licenses stolen in data breach
/in General NewsThe car rental giant attributed the breach to Cleo, whose customers had data stolen by a ransomware gang in 2024.
Security News | TechCrunch – Read More
Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
/in General NewsThe flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
/in General NewsBlind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all.
darkreading – Read More
Taiwan charges Chinese ship captain with breaking subsea cables
/in General NewsThe captain of a Chinese-crewed ship has been charged in Taiwan with breaking a subsea cable near the island, the first such formal charge following almost a dozen similar incidents in recent years.
The Record from Recorded Future News – Read More
Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
/in General NewsTrend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia Container Toolkit.
The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityWeek.
SecurityWeek – Read More
A New ‘It RAT’: Stealthy ‘Resolver’ Malware Burrows In
/in General NewsA new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it’s downright difficult to count them all.
darkreading – Read More
Rep. Green on CISA cuts, China hacking and cyber as a bipartisan issue
/in General NewsThe chair of the House Homeland Security Committee said his panel was prepared to take on pressing cyber policy challenges, like an estimated cyber workforce shortage of 50,000 professionals and burdensome digital compliance.
The Record from Recorded Future News – Read More
Hackers using AI-produced audio to impersonate tax preparers, IRS
/in General NewsArtificial Intelligence has supercharged an array of tax-season scams this year, with fraudsters using deepfake audio and other techniques to trick taxpayers into sending them money and financial documents.
The Record from Recorded Future News – Read More