BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
From alerts to autonomy: How leading SOCs use AI copilots to fight signal overload and staffing shortfalls
/in General NewsSOCs are seeing false positive rates drop 70%, while shaving 40+ hrs a week of manual triage thanks to the rapid advances in AI copilots.Read More
Security News | VentureBeat – Read More
The Trump administration planned Yemen strikes in an unauthorized Signal chat
/in General NewsThe Trump administration’s national security leaders accidentally included the editor-in-chief of the Atlantic, Jeffrey Goldberg, in a chat on Signal discussing confidential plans to attack Yemen’s Houthis. “I could not believe that the national-security leadership of the United States would communicate on Signal about imminent war plans,” Goldberg wrote of the March 15 messages, which […]
Security News | TechCrunch – Read More
CloudSEK Disputes Oracle Over Data Breach Denial with New Evidence
/in General NewsOracle is caught up in a cybersecurity mess right now, with claims about a massive data breach affecting…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
5 Unexpected Devices You Didn’t Know Could Spread Malware
/in General NewsWhen you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
How to Delete Your Data From 23andMe
/in General NewsDNA-testing company 23andMe has filed for bankruptcy, which means the future of the company’s vast trove of customer data is unknown. Here’s what that means for your genetic data.
Security Latest – Read More
Microsoft’s new AI agents aim to help security pros combat the latest threats
/in General NewsDesigned for Microsoft’s Security Copilot tool, the AI-powered agents will automate basic tasks, freeing IT and security staff to tackle more complex issues.
Latest stories for ZDNET in Security – Read More
FBI Warns of Document Converter Tools Due to Uptick in Scams
/in General NewsThe FBI’s Denver field office says the tools will convert documents while also dropping malware and scraping users’ systems for sensitive data.
darkreading – Read More
DeepSeek-V3 now runs at 20 tokens per second on Mac Studio, and that’s a nightmare for OpenAI
/in General NewsDeepSeek’s free 685B-parameter AI model runs at 20 tokens/second on Apple’s Mac Studio, outperforming Claude Sonnet while using just 200 watts, challenging OpenAI’s cloud-dependent business model.Read More
Security News | VentureBeat – Read More
China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack
/in General NewsThe persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.
darkreading – Read More
US lifts sanctions on Tornado Cash, a crypto mixer linked to North Korean money laundering
/in General NewsTornado Cash was used to launder billions in stolen crypto, according to the Treasury.
Security News | TechCrunch – Read More