BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison
/in General NewsSagar Steven Singh and Nicholas Ceraolo, members of the Vile group, get prison sentences for identity theft and hacking.
The post Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison appeared first on SecurityWeek.
SecurityWeek – Read More
Carding Marketplace BidenCash Shut Down by Authorities
/in General NewsAuthorities seized 145 domains associated with BidenCash, a marketplace for stolen credit cards and personal information.
The post Carding Marketplace BidenCash Shut Down by Authorities appeared first on SecurityWeek.
SecurityWeek – Read More
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
/in General NewsThe U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash.
“The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information,” the DoJ said. “BidenCash
The Hacker News – Read More
Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach
/in General NewsLee Enterprises has completed its investigation into the recent ransomware attack and confirmed that a data breach occurred.
The post Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Gang Leaks Alleged Kettering Health Data
/in General NewsThe Interlock ransomware group has leaked data allegedly stolen from Kettering Health in a recent cyberattack.
The post Ransomware Gang Leaks Alleged Kettering Health Data appeared first on SecurityWeek.
SecurityWeek – Read More
What Really Happened in the Aftermath of the Lizard Squad Hacks
/in General NewsOn Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.
Security Latest – Read More
Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
/in General NewsESET published research on the Iranian APT “BladedFeline,” which researchers believe is a subgroup of the cyber-espionage entity APT34.
darkreading – Read More
China Issues Warrants for Alleged Taiwanese Hackers and Bans a Business for Pro-Independence Links
/in General NewsChina issued warrants for 20 Taiwanese people it said carried out hacking missions in the Chinese mainland on behalf of the island’s ruling party.
The post China Issues Warrants for Alleged Taiwanese Hackers and Bans a Business for Pro-Independence Links appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
/in General NewsCisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.
The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability.
“A
The Hacker News – Read More
Vodafone Germany Fined $51 Million Over Privacy, Security Failures
/in General NewsGermany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties.
The post Vodafone Germany Fined $51 Million Over Privacy, Security Failures appeared first on SecurityWeek.
SecurityWeek – Read More