BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Software Security: Too Little Vendor Accountability, Experts Say
/in General NewsActual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
darkreading – Read More
4 IoT Trends U.K. Businesses Should Watch in 2024
/in General NewsTechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.
Security | TechRepublic – Read More
DPRK’s Kimsuky APT Abuses Weak DMARC Policies, Feds Warn
/in General NewsOrganizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.
darkreading – Read More
The Psychological Underpinnings of Modern Hacking Techniques
/in General NewsThe tactics employed by hackers today aren’t new; they’re simply adapted for the digital age, exploiting the same human weaknesses that have always existed.
darkreading – Read More
Hacker Sentenced After Years of Extorting Psychotherapy Patients
/in General NewsTwo years after a warrant went out for his arrest, Aleksanteri Kivimäki finally has been found guilty of thousands of counts of aggravated attempted blackmail, among other charges.
darkreading – Read More
What are passkeys? Experience the life-changing magic of going passwordless
/in General NewsHere’s how to take the first steps toward ditching passwords for good.
Latest stories for ZDNET in Security – Read More
Dropbox Breach Exposes Customer Credentials, Authentication Data
/in General NewsThreat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
darkreading – Read More
Two years in, Google says passkeys now protect more than 400 million accounts
/in General NewsGoogle Account users have authenticated themselves using passkeys more than 1 billion times, but passwords are likely to be around for years.
Latest stories for ZDNET in Security – Read More
Ransomware Defense Startup Mimic Raises Hefty $27M Seed Round
/in General NewsA new Silicon Valley startup called Mimic is coming out of the shadows with a hefty $27 million seed-stage funding round led by Ballistic Ventures.
The post Ransomware Defense Startup Mimic Raises Hefty $27M Seed Round appeared first on SecurityWeek.
SecurityWeek – Read More
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
/in General NewsSeveral popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app’s home directory.
“The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s 
The Hacker News – Read More