BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
And Now Malware That Tells AI to Ignore It?
/in General NewsThough rudimentary and largely non-functional, the wryly named “Skynet” binary could be a harbinger of things to come on the malware front.
darkreading – Read More
Millions of Brother Printers Hit by Critical, Unpatchable Bug
/in General NewsA slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
darkreading – Read More
How Avast’s free AI-powered Scam Guardian protects you from online con artists
/in General NewsNow built into Avast Free Antivirus and Avast Premium Security, the AI-driven scam protection warns you about suspicious websites, messages, emails, and more.
Latest stories for ZDNET in Security – Read More
CISA Is Shrinking: What Does It Mean for Cyber?
/in General NewsDark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency.
darkreading – Read More
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
/in General NewsNew research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by
The Hacker News – Read More
Dire Wolf Ransomware Comes Out Snarling, Bites Technology, Manufacturing
/in General NewsThe emerging group has already gotten its teeth into 16 victims since May with its double extortion tactics, claiming victims in 11 countries, including the US, Thailand, and Taiwan.
darkreading – Read More
Anthropic just made every Claude user a no-code app developer
/in General NewsAnthropic transforms Claude AI into a no-code app development platform with 500 million user-created artifacts, intensifying competition with OpenAI’s Canvas feature as AI companies battle for developer supremacy.Read More
Security News | VentureBeat – Read More
Hundreds of MCP Servers Expose AI Models to Abuse, RCE
/in General NewsThe servers that connect AI with real-world data are occasionally wide-open channels for cyberattacks.
darkreading – Read More
Ransomware attack contributed to patient’s death, says Britain’s NHS
/in General NewsA cybercrime group’s attack against a London-based pathology service last year was one of the “contributing factors” in the death of a patient, U.K. officials said.
The Record from Recorded Future News – Read More
Enterprises must rethink IAM as AI agents outnumber humans 10 to 1
/in General NewsIdentity is the essential control plane for agentic AI security, redefining enterprise defenses amid rising credential-based breaches.Read More
Security News | VentureBeat – Read More