BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
OpenAI’s $3B Windsurf move: the real reason behind its enterprise AI agent code push
/in General NewsOpenAI’s $3B Windsurf buy puts it on defense as Google & Anthropic surge in AI-powered coding—discover the stakes for agentic development and enterprise teams.Read More
Security News | VentureBeat – Read More
Phishing Attack Uses Blob URIs to Show Fake Login Pages in Your Browser
/in General NewsCofense Intelligence reveals a novel phishing technique using blob URIs to create local fake login pages, bypassing email…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
/in General NewsSupply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
/in General NewsNoteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak.
The post In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak appeared first on SecurityWeek.
SecurityWeek – Read More
Florida bill requiring encryption backdoors for social media accounts has failed
/in General NewsThe bill would have required social media companies create encryption backdoors to allow access to users’ private information.
Security News | TechCrunch – Read More
How Security Has Changed the Hacker Marketplace
/in General NewsYour ultimate goal shouldn’t be security perfection — it should be making exploitation of your organization unprofitable.
darkreading – Read More
160,000 Impacted by Valsoft Data Breach
/in General NewsVMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach.
The post 160,000 Impacted by Valsoft Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Malicious NPM Packages Target Cursor AI’s macOS Users
/in General NewsThree NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor.
The post Malicious NPM Packages Target Cursor AI’s macOS Users appeared first on SecurityWeek.
SecurityWeek – Read More
Zencoder launches Zen Agents, ushering in a new era of team-based AI for software development
/in General NewsZencoder launches Zen Agents, the first AI platform enabling teams to create, share, and leverage custom development assistants organization-wide, plus an open-source marketplace for enterprise-grade AI tools.Read More
Security News | VentureBeat – Read More
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts
/in General NewsA flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More