BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Violence-as-a-Service: Encrypted Apps Used in Recruiting Teens as Hitmen
/in General NewsEuropean police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol’s OTF GRIMM task force and how they’re fighting this disturbing trend.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
/in General NewsThe April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.”
That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events.
“Given that one threat actor claimed responsibility for both M&S and
The Hacker News – Read More
Israel Says Iran Is Hacking Security Cameras for Spying
/in General NewsPlus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach.
Security Latest – Read More
Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data
/in General NewsAflac said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals.
The post Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data appeared first on SecurityWeek.
SecurityWeek – Read More
AWS Enhances Cloud Security With Better Visibility Features
/in General NewsAt this week’s re:Inforce 2025 conference, the cloud giant introduced new capabilities to several core security products to provide customers with better visibility and more context on potential threats.
darkreading – Read More
Hospital cyber attacks cost $600K/hour. Here’s how AI is changing the math
/in General NewsHow Alberta Health Services is using advanced AI to bolster its defenses as attackers increasingly target healthcare facilities.Read More
Security News | VentureBeat – Read More
Anubis Ransomware Lists Disneyland Paris as New Victim
/in General NewsAnubis ransomware group claims a 64GB data breach at Disneyland Paris, leaking some engineering files and attraction plans via its dark web site.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Hackers Post Dozens of Malicious Copycat Repos to GitHub
/in General NewsAs package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.
darkreading – Read More
Anthropic study: Leading AI models show up to 96% blackmail rate against executives
/in General NewsAnthropic research reveals AI models from OpenAI, Google, Meta and others chose blackmail, corporate espionage and lethal actions when facing shutdown or conflicting goals.Read More
Security News | VentureBeat – Read More
Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
/in General NewsThe threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals.
The new feature takes the form of a “Call Lawyer” feature on the affiliate panel, per Israeli cybersecurity company Cybereason.
The
The Hacker News – Read More