BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
North Korean Hackers Distributed Android Spyware via Google Play
/in General NewsThe North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar on Demand: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks
/in General NewsHow hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives.
The post Webinar on Demand: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
QuamCore Emerges From Stealth With $9 Million to Build a Quantum Computer
/in General NewsQuamCore’s secret sauce is a patented architecture that will allow the integration of 1 million qubits in a single cryostat.
The post QuamCore Emerges From Stealth With $9 Million to Build a Quantum Computer appeared first on SecurityWeek.
SecurityWeek – Read More
Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution
/in General NewsOrganizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM.
The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on SecurityWeek.
SecurityWeek – Read More
INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats
/in General NewsCary, North Carolina, 13th March 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge
/in General NewsEmployees at the Cybersecurity and Infrastructure Security Agency tell WIRED they’re struggling to protect the US while the administration dismisses their colleagues and poisons their partnerships.
Security Latest – Read More
How to set up Bitwarden for personal and work use – and why you should keep them separate
/in General NewsDon’t let work invade your personal life. Separate your passwords with two Bitwarden accounts for better security and peace of mind.
Latest stories for ZDNET in Security – Read More
OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack
/in General NewsResearchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.
darkreading – Read More
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
/in General NewsMeta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild.
The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font
The Hacker News – Read More
Why AI-powered security tools are your secret weapon against tomorrow’s attacks
/in General NewsIn the cybersecurity arms race, you have access to the same weapons as the bad guys. Just how well-armed are you now?
Latest stories for ZDNET in Security – Read More