BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Vote for the sessions you want to see at TechCrunch Disrupt 2025
/in General NewsWe were thrilled by the remarkable interest in speaking at TechCrunch Disrupt 2025, taking place October 27–29 at Moscone West in San Francisco. After an in-depth review process, we’ve selected 20 exceptional finalists—10 for breakout sessions and 10 for roundtables. Now, we’re putting the final decision in your hands. Audience Choice voting is open through […]
Security News | TechCrunch – Read More
CISO’s Guide To Web Privacy Validation And Why It’s Important
/in General NewsAre your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices.
– Download the full guide here.
Web Privacy: From Legal Requirement to Business Essential
As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting
The Hacker News – Read More
Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching
/in General NewsResearchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
A Starter Guide to Protecting Your Data From Hackers and Corporations
/in General NewsHackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you—and anyone who claims they have nothing to hide.
Security Latest – Read More
⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
/in General NewsCyber threats don’t show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late.
For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we
The Hacker News – Read More
Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach
/in General NewsNova Scotia Power has finally admitted that the recent cyberattack was a ransomware attack, but it hasn’t paid the hackers.
The post Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls
/in General NewsFBI warns law firms: Silent Ransom Group uses phishing emails and fake IT calls to steal data, demanding ransom to prevent public leaks. The agency is also urges victims to share ransom evidence.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Last 24 hours: TechCrunch Disrupt 2025 Early Bird Deals will fly away after today
/in General NewsJust 24 hours left to lock in Early Bird pricing for TechCrunch Disrupt 2025 — happening October 27–29 at Moscone West in San Francisco. Save up to $900 on your pass, or bring someone brilliant with you for 90% off their ticket. This deal ends tonight at 11:59 p.m. PT. Grab your Early Bird discount […]
Security News | TechCrunch – Read More
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
/in General NewsCybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.
The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.
“Catena uses embedded shellcode and configuration switching logic to stage
The Hacker News – Read More
Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected
/in General NewsA critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More