BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
/in General NewsA new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking.
Security Latest – Read More
Microsoft says Lumma password stealer malware found on 394,000 Windows PCs
/in General NewsMicrosoft and law enforcement announced a coordinated takedown of the Lumma pasword-stealing malware.
Security News | TechCrunch – Read More
Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors
/in General NewsGlobal crackdown: Operation RapTor leads to 270 arrests, millions seized as law enforcement targets dark web drug, weapon, and crypto vendors.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
7 ways to thwart phone thieves – and avoid China’s infamous ‘stolen iPhone building’
/in General NewsPhone theft is on the rise, especially in major cities. Even locked phones are tempting targets for thieves, as they can be sold for parts. Here’s how to protect your device before it’s too late.
Latest stories for ZDNET in Security – Read More
CISA: Russia’s Fancy Bear Targeting Logistics, IT Firms
/in General NewsThe mission is to gather information that could help Russia in its war against Ukraine.
darkreading – Read More
Chinese-speaking hackers targeting US municipalities with Cityworks bug
/in General NewsSince January, cybersecurity experts have seen Chinese-speaking hackers exploiting a bug impacting a tool used by local governments to manage critical infrastructure assets and other services.
The Record from Recorded Future News – Read More
Anthropic overtakes OpenAI: Claude Opus 4 codes seven hours nonstop, sets record SWE-Bench score and reshapes enterprise AI
/in General NewsAnthropic’s Claude Opus 4 outperforms OpenAI’s GPT-4.1 with unprecedented seven-hour autonomous coding sessions and record-breaking 72.5% SWE-bench score, transforming AI from quick-response tool to day-long collaborator.Read More
Security News | VentureBeat – Read More
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw
/in General NewsAkamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
The post Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
/in General NewsA Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell.
“UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers
The Hacker News – Read More
Why Image Quality Drops When Resizing a JPEG (and How to Fix It)
/in General NewsEver tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More