BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
United Natural Food’s Operations Limp Through Cybersecurity Incident
/in General NewsIt’s unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company’s operations.
darkreading – Read More
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
/in General NewsThe financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs.
“By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware,” the
The Hacker News – Read More
Your Android phone is getting new security protections – and it’s a big deal for enterprises
/in General NewsGoogle has added new enterprise scale security protections for your organization’s Android devices. Here’s what they do.
Latest stories for ZDNET in Security – Read More
The ‘Long-Term Danger’ of Trump Sending Troops to the LA Protests
/in General NewsPresident Trump’s deployment of more than 700 Marines to Los Angeles—following ICE raids and mass protests—has ignited a fierce national debate over state sovereignty and civil-military boundaries.
Security Latest – Read More
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
/in General NewsOpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
20 Top-Level Domain Names Abused by Hackers in Phishing Attacks
/in General NewsDisclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
5 plead guilty to laundering nearly $37 million stolen through Cambodian cyber scam centers
/in General NewsThe scheme is based in Cambodia, where people residing in scam centers contact U.S. victims through phone calls, texts, dating apps and other avenues to promote fake cryptocurrency investments.
The Record from Recorded Future News – Read More
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
/in General NewsCybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites.
“Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan
The Hacker News – Read More
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
/in General NewsBackdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.
darkreading – Read More
Hundreds of Russian devices hit by Rare Werewolf crypto-mining attacks
/in General NewsThe campaign has affected hundreds of Russian users, particularly targeting industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.
The Record from Recorded Future News – Read More