BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs
/in General NewsInterpol’s Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
darkreading – Read More
ConnectWise to Rotate Code-Signing Certificates
/in General NewsThe move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.
darkreading – Read More
Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs
/in General NewsInterpol’s Operation Secure arrested more than 20 suspects across Vietnam, Sri Lanka, and Naru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
darkreading – Read More
CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers
/in General NewsThe US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Agentic AI Takes Over Gartner’s SRM Summit
/in General NewsAgentic AI was everywhere at Gartner’s Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.
darkreading – Read More
How Waymo Handles Footage From Events Like the LA Immigration Protests
/in General NewsWaymo driverless taxis capture troves of video footage in order to operate, but the company reveals very little about how much data is stored—and for how long.
Security Latest – Read More
US government’s vaccine website defaced with AI-generated content
/in General NewsThe content of a vaccines information website owned by the U.S. Department of Health and Human Services was swapped with gay-themed spam.
Security News | TechCrunch – Read More
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
/in General NewsFormer members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks.
“Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report
The Hacker News – Read More
‘Generative AI helps us bend time’: CrowdStrike, Nvidia embed real-time LLM defense, changing how enterprises secure AI
/in General NewsFalcon is now built into Nvidia’s LLMs, delivering native runtime threat defense and eliminating blind spots across AI pipelines.Read More
Security News | VentureBeat – Read More
Google Bug Allowed Brute-Forcing of Any User Phone Number
/in General NewsThe weakness in Google’s password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.
darkreading – Read More