BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Trump administration takes aim at Biden and Obama cybersecurity rules
/in General NewsIn a White House fact sheet, the administration claims that Biden’s Executive Order 14144 — signed days before the end of his presidency — was an attempt “to sneak problematic and distracting issues into cybersecurity policy.”
Security News | TechCrunch – Read More
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases
/in General NewsOver 20 malicious apps on Google Play are stealing crypto seed phrases by posing as trusted wallets and exchanges, putting users’ funds at risk.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking
/in General NewsPlus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.
Security Latest – Read More
After its data was wiped, KiranaPro’s co-founder cannot rule out an external hack
/in General NewsExclusive: The company’s co-founder and CTO blame a former employee for a breach, but cannot rule out that it wasn’t.
Security News | TechCrunch – Read More
Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist
/in General NewsA parliamentary investigation answered some — but not all — the questions related to a spyware scandal involving the use of the Israeli company’s spyware, Graphite.
Security News | TechCrunch – Read More
Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward
/in General NewsSeveral widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.
darkreading – Read More
Anthropic appoints a national security expert to its governing trust
/in General NewsAnthropic’s long-term benefit trust is a governance mechanism that Anthropic claims helps it promote safety over profit, and which has the power to elect some of the company’s board of directors.
Security News | TechCrunch – Read More
Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight
/in General NewsIn an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.
Security Latest – Read More
F5 Acquires Agentic AI Security Startup Fletch
/in General NewsAgentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform.
darkreading – Read More
BADBOX 2.0 Targets Home Networks in Botnet Campaign, FBI Warns
/in General NewsThough the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.
darkreading – Read More