BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Casio warns employees, customers about data leak from October ransomware attack
/in General NewsIn a notice on Wednesday, Casio provided a post-mortem on an October attack, explaining that 6,456 employees, 1,931 business partners and 91 customers were impacted by the ransomware incident.
The Record from Recorded Future News – Read More
CrowdStrike Achieves FedRAMP Authorization for New Modules
/in General NewsPost Content
darkreading – Read More
Fed ‘Cyber Trust’ Label: Good Intentions That Fall Short
/in General NewsThe voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
darkreading – Read More
Palindrome Technologies Approved as Cybersecurity Label Administrator for FCC’s IoT Program
/in General NewsPost Content
darkreading – Read More
US to Launch Cyber Trust Mark to Label Secure Smart Devices
/in General NewsThe Cyber Trust Mark is designed to help consumers make more informed decisions about the cybersecurity of devices they may purchase.
Security | TechRepublic – Read More
Ivanti warns hackers are exploiting new vulnerability
/in General NewsThe company released an advisory and a corresponding blog about two bugs — CVE-2025-0282 and CVE-2025-0283 — and warned that some customers have already seen CVE-2025-0282 exploited in their environments.
The Record from Recorded Future News – Read More
Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product
/in General NewsIvanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.
The post Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product appeared first on SecurityWeek.
SecurityWeek – Read More
Pall Mall Process to tackle commercial hacking proliferation raises more concerns than solutions
/in General NewsAn initiative spearheaded by France and the U.K. last year to tackle commercial spyware has experienced setbacks and significant gaps, according to participants.
The Record from Recorded Future News – Read More
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
/in General NewsCybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns.
Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious.
While there are safeguards such as DomainKeys
The Hacker News – Read More
Data of more than 8,500 customers breached on Green Bay Packers shopping website
/in General NewsThe Green Bay Packers Pro Shop website was exposed to malicious code that stole data about more than 8,500 shoppers, the NFL team says.
The Record from Recorded Future News – Read More