BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Smokeloader Users Identified and Arrested in Operation Endgame
/in General NewsAuthorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
/in General NewsCybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
The Hacker News – Read More
Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs
/in General NewsTrump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne.
The post Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs appeared first on SecurityWeek.
SecurityWeek – Read More
Trump orders federal investigation into former CISA director Chris Krebs
/in General NewsTrump fired Krebs by tweet in 2020 after he publicly debunked Trump’s false claims of election fraud.
Security News | TechCrunch – Read More
Juniper Networks Patches Dozens of Junos Vulnerabilities
/in General NewsJuniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
The post Juniper Networks Patches Dozens of Junos Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Why Data Privacy Isn’t the Same as Data Security
/in General NewsFailing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.
darkreading – Read More
Why security stacks need to think like an attacker, and score every user in real time
/in General NewsSophisticated attacks must be tracked and contained in a business’s core security infrastructure, managed from its SOC.Read More
Security News | VentureBeat – Read More
Threat Actors Use ‘Spam Bombing’ Technique to Hide Malicious Motives
/in General NewsDarktrace researchers detailed “spam bombing,” a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.
darkreading – Read More
Study Identifies 20 Most Vulnerable Connected Devices of 2025
/in General NewsRouters are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.
The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
/in General NewsOverview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
The Hacker News – Read More