BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Florida bill requiring encryption backdoors for social media accounts has failed
/in General NewsThe bill would have required social media companies create encryption backdoors to allow access to users’ private information.
Security News | TechCrunch – Read More
How Security Has Changed the Hacker Marketplace
/in General NewsYour ultimate goal shouldn’t be security perfection — it should be making exploitation of your organization unprofitable.
darkreading – Read More
160,000 Impacted by Valsoft Data Breach
/in General NewsVMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach.
The post 160,000 Impacted by Valsoft Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Malicious NPM Packages Target Cursor AI’s macOS Users
/in General NewsThree NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor.
The post Malicious NPM Packages Target Cursor AI’s macOS Users appeared first on SecurityWeek.
SecurityWeek – Read More
Zencoder launches Zen Agents, ushering in a new era of team-based AI for software development
/in General NewsZencoder launches Zen Agents, the first AI platform enabling teams to create, share, and leverage custom development assistants organization-wide, plus an open-source marketplace for enterprise-grade AI tools.Read More
Security News | VentureBeat – Read More
Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts
/in General NewsA flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
/in General NewsCybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.
“The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos
The Hacker News – Read More
Rising Tides: Kelley Misata on Bringing Cybersecurity to Nonprofits
/in General NewsSightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen.
The post Rising Tides: Kelley Misata on Bringing Cybersecurity to Nonprofits appeared first on SecurityWeek.
SecurityWeek – Read More
Company and Personal Data Compromised in Recent Insight Partners Hack
/in General NewsVC firm Insight Partners is informing partners and employees that their information was exposed in the January 2025 cyberattack.
The post Company and Personal Data Compromised in Recent Insight Partners Hack appeared first on SecurityWeek.
SecurityWeek – Read More
SAP Zero-Day Targeted Since January, Many Sectors Impacted
/in General NewsHundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
The post SAP Zero-Day Targeted Since January, Many Sectors Impacted appeared first on SecurityWeek.
SecurityWeek – Read More