BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Hack of SEC social media account earns 14-month prison sentence for Alabama man
/in General NewsThe January 2024 attack resulted in fraudulent posts on the SEC’s account that altered the market value of bitcoin.
The Record from Recorded Future News – Read More
US man who hacked SEC’s X account to spike Bitcoin price sentenced to prison
/in General NewsThe Department of Justice announced Eric Council Jr. was sentenced to 14 months in prison for the hack.
Security News | TechCrunch – Read More
Shrink exploit windows, slash MTTP: Why ring deployment is now a must for enterprise defense
/in General NewsRing deployment slashes MTTP and legacy CVE risk. Learn how Ivanti and Southstar Bank are modernizing patch strategy with real-time intel.Read More
Security News | VentureBeat – Read More
Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked
/in General NewsThe beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Australian Human Rights Commission Leaks Docs in Data Breach
/in General NewsAn internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.
darkreading – Read More
Dynamic DNS Emerges as Go-to Cyberattack Facilitator
/in General NewsScattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.
darkreading – Read More
Attacker Specialization Puts Threat Modeling on Defensive
/in General NewsSpecialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.
darkreading – Read More
Feds charge 12 more suspects in RICO case over crypto crime spree
/in General NewsSome of the suspects allegedly “cold-called victims and used social engineering to convince them their accounts were the subject of cyberattacks and the enterprise callers were attempting to help secure their accounts,” according to the DOJ.
The Record from Recorded Future News – Read More
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
/in General NewsIvanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Pro-Ukraine Group Targets Russian Developers with Python Backdoor
/in General NewsReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More