Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
“Misuse of cloud
The Hacker News
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
The Hacker News
DanaBot takedown shows how agentic AI cut months of SOC analysis to weeks
Agentic AI played a decisive role in dismantling DanaBot, a Russian malware platform responsible for more than 50 million dollars in damages.
Security News | VentureBeat
OneDrive File Picker Flaw Gives Apps Full Access to User Drives
A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Security startup Horizon3.ai is raising $100M in new round
Horizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week. NEA led the round, according to two people familiar with the deal. One person said that […]
Security News | TechCrunch
Hundreds of Web Apps Have Full Access to Microsoft OneDrive Files
Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.
darkreading
Victoria’s Secret hit by outages as it battles security incident
The fashion retailer’s outages began Monday.
Security News | TechCrunch
Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say
Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Less is more: Meta study shows shorter reasoning improves AI accuracy by 34%
New research from Meta reveals AI models achieve 34.5% better accuracy with shorter reasoning chains, challenging industry assumptions and potentially reducing computing costs by 40%.
Security News | VentureBeat
MATLAB Maker MathWorks Recovering From Ransomware Attack
The incident impacted multiple web and mobile applications, licensing services, downloads and online store, website, wiki, MathWorks accounts, and other services.
SecurityWeek