BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
/in General NewsLaw enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
“In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,'” Europol said in a
The Hacker News – Read More
Nissan Leaf Hacked for Remote Spying, Physical Takeover
/in General NewsResearchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.
The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
/in General NewsSensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.
The post Operations of Sensor Giant Sensata Disrupted by Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages
/in General NewsCAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages.
The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek.
SecurityWeek – Read More
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
/in General NewsCybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
“AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September
The Hacker News – Read More
Industrial tech manufacturer Sensata says ransomware attack is impacting production
/in General NewsSensata Technologies, a U.S.-based manufacturer or industrial technologies with operations in about a dozen countries, told federal regulators that a recent ransomware attack disrupted key systems.
The Record from Recorded Future News – Read More
Hacker Claims WooCommerce Data Breach, Selling 4m User Records
/in General NewsA hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
/in General NewsOne CVE was used against “a small number of targets.” Windows 10 users needed to wait a little bit for their patches.
Security | TechRepublic – Read More
US Comptroller Cyber ‘Incident’ Compromises Org’s Emails
/in General NewsA review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a “major cyber incident.”
darkreading – Read More
Tariffs May Prompt Increase in Global Cyberattacks
/in General NewsCybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.
darkreading – Read More