BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Cybercriminals are trying to loot Australian pension accounts in new campaign
/in General NewsHackers over the weekend targeted Australian superannuation funds — investment accounts into which portions of employees’ wages are compulsorily placed.
The Record from Recorded Future News – Read More
Russia jails hacker for two years over cyberattack on local tech company
/in General NewsA Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company.
The Record from Recorded Future News – Read More
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
/in General NewsThe State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.
The post State Bar of Texas Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Trump fires head of National Security Agency and Cyber Command
/in General NewsHaugh’s firing has seemingly caught senior lawmakers by surprise
Security News | TechCrunch – Read More
Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering
/in General NewsTwo U.S. senators reintroduced legislation on Thursday that would address limits on the ability of the Secret Service to investigate efforts to launder money made through cybercrime.
The Record from Recorded Future News – Read More
Secure Communications Evolve Beyond End-to-End Encryption
/in General NewsSignal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
darkreading – Read More
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
/in General NewsA critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Confirms Cloud Hack
/in General NewsOracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Have We Reached a Distroless Tipping Point?
/in General NewsThere’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world’s attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation’s potential. These use cases generate significant value, fueling demand for the next iteration of
The Hacker News – Read More
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
/in General NewsEvidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.
SecurityWeek – Read More