BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
/in General NewsLuxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information.
The post Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed appeared first on SecurityWeek.
SecurityWeek – Read More
Google quietly launches AI Edge Gallery, letting Android phones run AI without the cloud
/in General NewsGoogle quietly launched AI Edge Gallery, an experimental Android app that runs AI models offline without internet, bringing Hugging Face models directly to smartphones with enhanced privacy.Read More
Security News | VentureBeat – Read More
Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak
/in General NewsAn anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
darkreading – Read More
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
/in General NewsQualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
How to Keep Your Litecoin Safe: A Practical Guide
/in General NewsLitecoin (LTC), often called the “silver to Bitcoin’s gold,” has long been popular for its speed, lower transaction…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Southwest has new rule that changes how you charge your phone mid-flight
/in General NewsPacking a portable charger for your next flight? Better read up on Southwest’s latest policy change.
Latest stories for ZDNET in Security – Read More
Vanta bug exposed customers’ data to other customers
/in General NewsThe compliance company said the customer data exposure was caused by a product change.
Security News | TechCrunch – Read More
International operation takes down crypting sites used for testing malware
/in General NewsThe sites were used for more than a decade by cybercriminals who wanted to test malware against security tools.
The Record from Recorded Future News – Read More
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
/in General NewsCybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
The Hacker News – Read More
NSO Group asks judge for new trial, calling $167 million in damages ‘outrageous’
/in General NewsThe spyware maker claims the damages it was ordered to pay are “excessive,” and that the jury wanted to “bankrupt” the company.
Security News | TechCrunch – Read More