BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Private 5G: New Possibilities — and Potential Pitfalls
/in General NewsWhile ushering in “great operational value” for organizations, private 5G networks add yet another layer to CISOs’ responsibilities.
darkreading – Read More
Russia detects first SuperCard malware attacks skimming bank data via NFC
/in General NewsMalware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices’ near field communications (NFC) and steal payment card data.
The Record from Recorded Future News – Read More
Operation Endgame: Do Takedowns and Arrests Matter?
/in General NewsCybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
darkreading – Read More
UK watchdog fines 23andMe over 2023 data breach
/in General NewsThe ICO said over 150,000 U.K. residents had data stolen in the breach.
Security News | TechCrunch – Read More
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet
/in General NewsA vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
darkreading – Read More
US Insurance Industry Warned of Scattered Spider Attacks
/in General NewsGoogle is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector.
The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Circumvent Raises $6 Million for Cloud Security Platform
/in General NewsCloud security startup Circumvent has raised $6 million to develop a network of agents for autonomous prioritization and remediation.
The post Circumvent Raises $6 Million for Cloud Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Pro-Israel hackers claim breach of Iranian bank amid military escalation
/in General NewsA group tracked as Predatory Sparrow said it was responsible for hacking Bank Sepah as the conflict between Israel and Iran intensified.
The Record from Recorded Future News – Read More
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
/in General NewsZoomcar confirms 2025 breach affecting 8.4M users, echoing its 2018 data leak. Personal info exposed, financial data safe, investigation ongoing.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
/in General NewsCybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware,” Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
The Hacker News – Read More