BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns
/in General NewsScattered Spider targets US insurance firms after UK retail attacks, using social engineering to breach help desks and disrupt services, Google warns.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
/in General NewsA now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.
The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).
Google addressed the flaw later that month after Kaspersky reported in-the-wild
The Hacker News – Read More
Pro-Cambodian hacktivists launch attacks on Thai government sites amid border dispute
/in General NewsThe AnonsecKh group, which goes by Bl4ckCyb3r on Telegram, claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces.
The Record from Recorded Future News – Read More
ChatGPT can now connect to MCP servers – here’s how, and what to watch for
/in General NewsEmployees can access company data through the chatbot. OpenAI cautions users to review their tools for sensitive information.
Latest stories for ZDNET in Security – Read More
Why SMS two-factor authentication codes aren’t safe and what to use instead
/in General NewsA million two-factor authentication codes sent via SMS passed through an obscure third-party company. Here’s how it happened and why it’s a problem.
Latest stories for ZDNET in Security – Read More
Scattered Spider hackers targeting insurance industry following retail hits, Google warns
/in General NewsSecurity analysts at Google’s Threat Intelligence Group published a warning this week to insurance companies, writing that it is “now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity.”
The Record from Recorded Future News – Read More
Pro-Israel hacktivist group claims reponsibility for alleged Iranian bank hack
/in General NewsThe apparent cyberattack comes as Israel and Iran engage in a days-long escalating military conflict.
Security News | TechCrunch – Read More
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
/in General NewsCybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts.
The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security.
LangSmith is an observability and evaluation platform that allows users to
The Hacker News – Read More
Hacklink Market Linked to SEO Poisoning Attacks in Google Results
/in General NewsCybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Rapid Rebuild Hackathon 2025: When Legacy Meets Innovation
/in General NewsConsider this: Berkshire Hathaway, Warren Buffett’s $700 billion conglomerate, operates one of the most influential investor websites on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More