BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
New Jersey Sues Discord for Allegedly Failing to Protect Children
/in General NewsThe New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.
Security Latest – Read More
Cybersecurity by Design: When Humans Meet Technology
/in General NewsIf security tools are challenging to use, people will look for workarounds to get around the restrictions.
darkreading – Read More
Vulnerabilities Patched in Atlassian, Cisco Products
/in General NewsAtlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
SecurityWeek – Read More
Network Security at the Edge for AI-ready Enterprise
/in General NewsThe widespread use of AI, particularly generative AI, in modern businesses creates new network security risks for complex enterprise workloads across various locations.
Security | TechRepublic – Read More
Demystifying Security Posture Management
/in General NewsWhile the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
The post Demystifying Security Posture Management appeared first on SecurityWeek.
SecurityWeek – Read More
Why ‘One Community’ Resonates in Cybersecurity
/in General NewsOur collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment.
The post Why ‘One Community’ Resonates in Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APT Mustang Panda Updates, Expands Arsenal
/in General NewsThe Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek.
SecurityWeek – Read More
This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops
/in General NewsMassive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”
Security Latest – Read More
CISA Issues Guidance After Oracle Cloud Hack
/in General NewsCISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
/in General NewsA critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0.
“The vulnerability allows an attacker with network access to an Erlang/OTP SSH
The Hacker News – Read More