BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Multiple iHeartRadio stations breached in December
/in General NewsSeveral radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.
The Record from Recorded Future News – Read More
Hacker Conversations: John Kindervag, a Making not Breaking Hacker
/in General NewsJohn Kindervag is best known for developing the Zero Trust Model. He is a hacker, but not within our common definition of a hacker today.
The post Hacker Conversations: John Kindervag, a Making not Breaking Hacker appeared first on SecurityWeek.
SecurityWeek – Read More
New Cloud Vulnerability Data Shows Google Cloud Leads in Risk
/in General NewsNew research shows Google Cloud and smaller providers have the highest cloud vulnerability rates as compared to AWS…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Critical Vulnerability in AI Builder Langflow Under Attack
/in General NewsCISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.
The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Samsung MagicINFO Vulnerability Exploited Days After PoC Publication
/in General NewsThreat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.
SecurityWeek – Read More
Entra ID Data Protection: Essential or Overkill?
/in General NewsMicrosoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments.
That prominence also
The Hacker News – Read More
US Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car
/in General NewsCustoms and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle—not just those in the front seats.
Security Latest – Read More
Android Update Patches FreeType Vulnerability Exploited as Zero-Day
/in General NewsAndroid’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
/in General NewsGoogle has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
“The most severe of
The Hacker News – Read More
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
/in General NewsA recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0.
“Langflow contains a missing
The Hacker News – Read More