BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Actions Over Words: Career Lessons for the Security Professional
/in General NewsIn a world full of noise and promises, it’s those who consistently deliver behind the scenes who build the most respected and rewarding careers.
The post Actions Over Words: Career Lessons for the Security Professional appeared first on SecurityWeek.
SecurityWeek – Read More
10 passkey survival tips: The best preparation for a password-less future is to start living there now
/in General NewsAlthough passkeys remain an evolving ecosystem, we’d be wise to embrace tomorrow’s authentication standard today. Here are ZDNET’s 10 recommendations for reaching passkey paradise.
Latest stories for ZDNET in Security – Read More
SonicWall Flags Two More Vulnerabilities as Exploited
/in General NewsSonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild.
The post SonicWall Flags Two More Vulnerabilities as Exploited appeared first on SecurityWeek.
SecurityWeek – Read More
5 things to do on World Password Day to keep your accounts safe
/in General NewsWith password best practices continuing to evolve, now’s a good time for a refresher. Consider this your annual cybersecurity to-do list.
Latest stories for ZDNET in Security – Read More
Ascension Discloses Data Breach Potentially Linked to Cleo Hack
/in General NewsAscension is notifying over 100,000 people that their personal information was stolen in a data breach potentially linked to the Cleo hack.
The post Ascension Discloses Data Breach Potentially Linked to Cleo Hack appeared first on SecurityWeek.
SecurityWeek – Read More
RAG can make AI models riskier and less reliable, new research shows
/in General NewsAccording to Bloomberg, the increasingly popular AI framework can vastly increase your chances of getting dangerous answers. What can you do?
Latest stories for ZDNET in Security – Read More
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
/in General NewsSonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.
The vulnerabilities in question are listed below –
CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to
The Hacker News – Read More
North Korea Stole Your Job
/in General NewsFor years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious—and effective—than ever.
Security Latest – Read More
Billbug Expands Cyber-Espionage Campaign in Southeast Asia
/in General NewsThe China-linked cyber-operations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.
darkreading – Read More
Prolific RansomHub Operation Goes Dark
/in General NewsThe chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors.
darkreading – Read More