BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Major US grocery distributor warns of disruption after cyberattack
/in General NewsUNFI, a grocery distributor for Whole Foods and others, warned of disruptions to customer orders after a cyberattack.
Security News | TechCrunch – Read More
Major food wholesaler says cyberattack impacting distribution systems
/in General NewsThe statement said the Rhode Island-based company identified unauthorized activity on its systems on Thursday, prompting officials to take systems offline. The action “has temporarily impacted the Company’s ability to fulfill and distribute customer orders.”
The Record from Recorded Future News – Read More
New hacker group uses LockBit ransomware variant to target Russian companies
/in General NewsIn its latest campaign this spring, DarkGaboon was observed deploying LockBit 3.0 ransomware against victims in Russia, Positive Technologies said in a report last week.
The Record from Recorded Future News – Read More
Mirai Botnets Exploiting Wazuh Security Platform Vulnerability
/in General NewsCVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets.
The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Guardz Banks $56M Series B for All-in-One SMB Security
/in General NewsThe Israeli company said the Series B raise was led by ClearSky and included equity stakes for new backer Phoenix Financial.
The post Guardz Banks $56M Series B for All-in-One SMB Security appeared first on SecurityWeek.
SecurityWeek – Read More
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
/in General NewsTwo malicious NPM packages contain code that would delete production systems when triggered with the right credentials.
The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.
SecurityWeek – Read More
React Native Aria Packages Backdoored in Supply Chain Attack
/in General NewsA threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Google fixes bug that could reveal users’ private phone numbers
/in General NewsThe bug allowed a researcher to uncover recovery phone numbers of nearly any Google account.
Security News | TechCrunch – Read More
Apple, Google, and Microsoft offer free password managers – but should you use them?
/in General NewsThe three dominant computing platforms have each tried to build features that help you manage passwords without paying for third-party software. Are any of them worth your time and effort?
Latest stories for ZDNET in Security – Read More
Kazakhstan detains over 140 for allegedly selling citizens’ data via Telegram channels
/in General NewsAuthorities said they busted a ring responsible for illegally extracting citizens’ data from Kazakhstan’s government networks and distributing it through Telegram and other ways.
The Record from Recorded Future News – Read More