BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function
- [webapps] Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
- [webapps] Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
- [webapps] Joomla JS Jobs plugin 1.4.2 - SQL injection
- [remote] Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
- [remote] Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow
- [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username
- [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname
- [webapps] Discourse 3.1.1 - Unauthenticated Chat Message Access
- [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
More than 100,000 impacted by December data breach at Ascension Health
/in General NewsAscension Health revealed another security incident this week, warning more than 100,000 people in multiple states that their information was likely accessed by hackers late last year.
The Record from Recorded Future News – Read More
npm Malware Targets Crypto Wallets, MongoDB; Code Points to Turkey
/in General NewsSonatype discovered ‘crypto-encrypt-ts’, a malicious npm package impersonating the popular CryptoJS library to steal crypto and personal data.…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Experts Debate Real ID Security Ahead of May 7 Deadline
/in General NewsReal IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025?
darkreading – Read More
Nefilim ransomware suspect extradited from Spain to US
/in General NewsUkrainian national Artem Stryzhak is accused of using Nefilim ransomware to target large companies in the U.S. and elsewhere.
The Record from Recorded Future News – Read More
Scammers Use Spain-Portugal Blackout for TAP Air Refund Phishing Scam
/in General NewsSEO: Cybercriminals are using the recent power outages in Spain and Portugal to launch phishing attacks disguised as…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
/in General NewsOne cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker.
The Record from Recorded Future News – Read More
Getting Outlook.com Ready for Bulk Email Compliance
/in General NewsMicrosoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.
darkreading – Read More
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
/in General NewsCybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.
The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.
“Pinging functionality that can report back to a command-and-control (C&C) server
The Hacker News – Read More
Canadian Electric Utility Hit by Cyberattack
/in General NewsNova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks.
The post Canadian Electric Utility Hit by Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats
/in General NewsA LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot.
darkreading – Read More