BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins
/in General NewsA vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.
The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Warns of Hardcoded Credentials in Enterprise Software
/in General NewsHardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.
The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.
SecurityWeek – Read More
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
/in General NewsSentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The Hidden Weaknesses in AI SOC Tools that No One Talks About
/in General NewsIf you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today’s reality is different.
Modern security operations teams face a
The Hacker News – Read More
The Promise and Peril of Digital Security in the Age of Dictatorship
/in General NewsLGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.
Security Latest – Read More
China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
/in General NewsANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Ethereum’s Pivotal Role in Decentralized Finance Evolution
/in General NewsOnce upon a time, say, 2016, Ethereum was a curious new arrival in the crypto space. It promised…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
LLMs are on their way to becoming our greatest security vulnerability
/in General NewsLLMs are currently transforming all fields and are being weaponized by cyber attackers. In a brief span of time, GenAI has left its mark on cybersecurity as well. While gaining traction, its use in software development unfortunately has a detrimental effect on each iteration. Security is often overlooked in generated code, leading to more vulnerabilities than in intentionally secure code.
Source
Alex Macra – Read More
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
/in General NewsCisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.
The vulnerability, tracked as CVE-2025-20309, carries a CVSS score
The Hacker News – Read More
Qantas Airlines Breached, Impacting 6M Customers
/in General NewsPassengers’ personal information was likely accessed via a third-party platform used at a call center, but didn’t include passport or credit card info.
darkreading – Read More