BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
/in General NewsThe U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world.
The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well
The Hacker News – Read More
CISA Warns of Two Exploited TeleMessage Vulnerabilities
/in General NewsCISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.
The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattack Targets International Criminal Court
/in General NewsThe International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack.
The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek.
SecurityWeek – Read More
Qantas Data Breach Impacts Up to 6 Million Customers
/in General NewsAustralian airline Qantas says personal information stolen from systems hosting the service records of 6 million customers.
The post Qantas Data Breach Impacts Up to 6 Million Customers appeared first on SecurityWeek.
SecurityWeek – Read More
Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
/in General NewsUnknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts.
“This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts,” Okta
The Hacker News – Read More
Silver Fox Suspected in Taiwanese Campaign Using DeepSeek Lure
/in General NewsThe attack uses sideloading to deliver a variant of the popular Gh0stRAT malware and lures victims by posing — among other things — as a purported installer for DeepSeek’s LLM.
darkreading – Read More
ICEBlock, an app for anonymously reporting ICE sightings, goes viral overnight after Bondi criticism
/in General NewsThe citizen app for anonymously reporting ICE agents and raids went viral after criticism from the U.S. Attorney General.
Security News | TechCrunch – Read More
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
/in General NewsJust as attackers have used SEO techniques to poison search engine results, they could rinse and repeat with artificial intelligence and the responses LLMs generate from user prompts.
darkreading – Read More
LevelBlue Acquires Trustwave, Forms World’s Largest Independent MSSP
/in General NewsAs the largest managed security services provider, the combined entity will offer cyber consulting, managed detection and response, and incident response services.
darkreading – Read More
Scope, Scale of Spurious North Korean IT Workers Emerges
/in General NewsMicrosoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data.
darkreading – Read More