BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
LummaC2 Fractures as Acreed Malware Becomes Top Dog
/in General NewsLummaC2 formerly accounted for almost 92% of Russian Market’s credential theft log alerts. Now, the Acreed infostealer has replaced its market share.
darkreading – Read More
Chrome Drops Trust for Chunghwa, Netlock Certificates
/in General NewsDigital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
darkreading – Read More
Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
/in General NewsGoogle’s Threat Analysis Group, which investigates government-backed hacks, was credited with the discovery of the zero-days.
Security News | TechCrunch – Read More
Code Bug at Compliance Firm Vanta Leaks Customer Data to Other Clients
/in General NewsCompliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
The UK Brings Cyberwarfare Out of the Closet
/in General NewsThe UK’s 2025 Strategic Defence Review outlines a unified approach to modern warfare, integrating cyber, AI, and electromagnetic capabilities across military domains.
The post The UK Brings Cyberwarfare Out of the Closet appeared first on SecurityWeek.
SecurityWeek – Read More
How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists
/in General NewsFor years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.
Security Latest – Read More
The Role of Continuous Integration and Continuous Deployment (CI/CD) in DevOps
/in General NewsModern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
/in General NewsThreat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware.
The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that masquerade as Gitcode and DocuSign.
”
The Hacker News – Read More
Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms
/in General NewsThe company said the cyberattack destroyed its servers and customer data.
Security News | TechCrunch – Read More
Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims
/in General NewsNorth Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More