BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Samsung MagicINFO Vulnerability Exploited Days After PoC Publication
/in General NewsThreat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.
SecurityWeek – Read More
Entra ID Data Protection: Essential or Overkill?
/in General NewsMicrosoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments.
That prominence also
The Hacker News – Read More
US Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car
/in General NewsCustoms and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle—not just those in the front seats.
Security Latest – Read More
Android Update Patches FreeType Vulnerability Exploited as Zero-Day
/in General NewsAndroid’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
/in General NewsGoogle has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
“The most severe of
The Hacker News – Read More
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
/in General NewsA recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0.
“Langflow contains a missing
The Hacker News – Read More
Meta, Cisco put open-source LLMs at the core of next-gen SOC workflows
/in General NewsCisco’s Foundation-sec-8B LLM & Meta’s AI Defenders redefine cybersecurity with open-source AI for scalable SOCs.Read More
Security News | VentureBeat – Read More
Chat App Used by Trump Admin Suspends Operation Amid Hack
/in General NewsTM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
AI Domination: RSAC 2025 Social Media Roundup
/in General NewsDocumented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.
darkreading – Read More
Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
/in General NewsThe communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz’s phone, has suspended “all services” as it investigates reports of at least one breach.
Security Latest – Read More