BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Ransomware attack contributed to patient’s death, says Britain’s NHS
/in General NewsA cybercrime group’s attack against a London-based pathology service last year was one of the “contributing factors” in the death of a patient, U.K. officials said.
The Record from Recorded Future News – Read More
Enterprises must rethink IAM as AI agents outnumber humans 10 to 1
/in General NewsIdentity is the essential control plane for agentic AI security, redefining enterprise defenses amid rising credential-based breaches.Read More
Security News | VentureBeat – Read More
French police reportedly arrest suspected BreachForums administrators
/in General NewsSeveral suspects tied to the cybercrime site BreachForums have been arrested in France, according to a local news report, including alleged administrators known as ShinyHunters and Intelbroker.
The Record from Recorded Future News – Read More
Thousands of SaaS Apps Could Still Be Susceptible to nOAuth
/in General NewsNew research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.
The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on SecurityWeek.
SecurityWeek – Read More
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
/in General NewsCybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.
The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
The Hacker News – Read More
Glasgow City Council impacted by ‘cyber incident’
/in General NewsThe Glasgow City Council announced that it was affected by an incident “disrupting a number of online services and which may have involved the theft of customer data.”
The Record from Recorded Future News – Read More
XOR Marks the Flaw in SAP GUI
/in General NewsThe company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user’s input history feature.
darkreading – Read More
Ring’s new generative AI feature is here to answer your ‘who’s there?’ or ‘what was that?’ questions
/in General NewsCalled Video Descriptions, the AI feature generates detailed descriptions of what your Ring camera sees and delivers it in your notifications.
Latest stories for ZDNET in Security – Read More
Ring cameras and doorbells now use AI to provide specific descriptions of motion activity
/in General NewsRing gets a new AI-powered feature that offers users specific text descriptions of current motion activity.
Security News | TechCrunch – Read More
SonicWall Warns of Trojanized NetExtender Stealing User Information
/in General NewsSonicWall says a modified version of the legitimate NetExtender application contains information-stealing code.
The post SonicWall Warns of Trojanized NetExtender Stealing User Information appeared first on SecurityWeek.
SecurityWeek – Read More