BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Threat Actor Selling 1.2 Billion Facebook Records, But Details Don’t Add Up
/in General NewsThreat actor ‘ByteBreaker’ claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Unimicron, Presto Attacks Mark Industrial Ransomware Surge
/in General NewsA number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.
darkreading – Read More
Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation
/in General NewsRedmond’s threat hunters found 394,000 Windows systems talking to Lumma controllers, a victim pool included global manufacturers.
The post Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation appeared first on SecurityWeek.
SecurityWeek – Read More
Wyden: AT&T, T-Mobile, and Verizon weren’t notifying senators of surveillance requests
/in General NewsSen. Ron Wyden said in a letter that one U.S. phone carrier turned over Senate data to law enforcement without notifying the target.
Security News | TechCrunch – Read More
Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
/in General NewsIn documents filed with regulators in Maine on Tuesday, Coinbase said the information leaked included details like photos of passports and government IDs, as well as account information such as balances and transaction history.
The Record from Recorded Future News – Read More
College student to plead guilty to PowerSchool hack
/in General NewsThe 19-year-old Assumption College student, Matthew Lane, also was charged Tuesday with hacking and demanding a ransom payment from an unnamed telecommunications company, according to Massachusetts federal prosecutors.
The Record from Recorded Future News – Read More
Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway
/in General NewsMore than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.
The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway appeared first on SecurityWeek.
SecurityWeek – Read More
Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals
/in General NewsUS, European, and Japanese authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma, an infostealer popular with criminal gangs.
Security Latest – Read More
The Hidden Cybersecurity Risks of M&A
/in General NewsMerger and acquisition due diligence typically focuses on financials, legal risks, and operational efficiencies. Cybersecurity is often an afterthought — and that’s a problem.
darkreading – Read More
The Day I Found an APT Group In the Most Unlikely Place
/in General NewsDark Reading Confidential Episode 6: Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way.
darkreading – Read More