BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
How to install a smart lock on an existing deadbolt – and why this model is my top pick
/in General NewsThe Nuki smart lock comes with an array of features and works with your existing deadbolt, so you can still use a key.
Latest stories for ZDNET in Security – Read More
Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
/in General NewsThe spyware operation’s exposed customer email addresses and passwords were shared with data breach notification service Have I Been Pwned.
Security News | TechCrunch – Read More
‘Significant’ amount of customer data accessed during cyberattack on Qantas airline
/in General NewsAustralian airline Qantas alerted customers and authorities about a data breach at a contact center. The industry remains on edge after cyberattacks on airlines elsewhere.
The Record from Recorded Future News – Read More
Ransomware gang attacks German charity that feeds starving children
/in General NewsCybercriminals are extorting the German humanitarian aid group Welthungerhilfe (WHH) for 20 bitcoin. The charity said it will not pay.
The Record from Recorded Future News – Read More
Blind Eagle Linked to Russian Host Proton66 in Latin America Attacks
/in General NewsBlind Eagle hackers linked to Russian host Proton66 to target banks in Latin America using phishing and RATs. Trustwave urges stronger security.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Kelly Benefits Data Breach Impacts 550,000 People
/in General NewsAs Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow.
The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek.
SecurityWeek – Read More
Qantas hack results in theft of 6 million passengers’ personal data
/in General NewsQantas, the largest airline in Australia, confirmed the theft of 6 million customers’ personal information.
Security News | TechCrunch – Read More
Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover
/in General NewsA vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites.
The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online
/in General NewsUser claims to sell stolen Verizon and T-Mobile data for 116 million users online Verizon says data is old T-Mobile denies any breach and links to it.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
/in General NewsThe U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world.
The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well
The Hacker News – Read More