BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
How Businesses Can Align Cyber Defenses With Real Threats
/in General NewsCompanies that understand the motivations of their attackers and position themselves ahead of the competition will be in the best place to protect their business operations, brand reputation, and their bottom line.
darkreading – Read More
What Are Some Ways To Diversify Your Crypto Portfolio In 2025?
/in General NewsData from research suggests that the global cryptocurrency market will at least triple by 2030, increasing to an…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cloudflare Puts a Default Block on AI Web Scraping
/in General NewsThe move could reshape how LLM developers gather information — and force new deals between creators and AI companies.
The post Cloudflare Puts a Default Block on AI Web Scraping appeared first on SecurityWeek.
SecurityWeek – Read More
LevelBlue to Acquire Trustwave to Create Major MSSP
/in General NewsLevelBlue has announced plans to acquire Trustwave to create the largest pure-play managed security services provider (MSSP).
The post LevelBlue to Acquire Trustwave to Create Major MSSP appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’
/in General NewsCISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+.
The post Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ appeared first on SecurityWeek.
SecurityWeek – Read More
How SOCs Improve Key Cybersecurity KPIs with Better Threat Analysis
/in General NewsDisclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
263,000 Impacted by Esse Health Data Breach
/in General NewsEsse Health says the personal information of over 263,000 individuals was stolen in an April 2025 cyberattack.
The post 263,000 Impacted by Esse Health Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning
/in General NewsThe US government is again warning about potential Iranian cyberattacks as researchers find that hackers’ favorite ICS targets remain exposed.
The post Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
/in General NewsGoogle has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.
The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary
The Hacker News – Read More
Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities
/in General NewsMany Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543.
The post Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More