BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
The Cyber Savanna: A Rigged Race You Can’t Win, but Must Run Anyway
/in General NewsWhen it comes to protecting your company from cyberattacks, you don’t have to be the fastest gazelle — you just can’t afford to be the slowest.
darkreading – Read More
Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security
/in General NewsAstra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions.
The post Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security appeared first on SecurityWeek.
SecurityWeek – Read More
Cognita.ai raises $15M to fix enterprise AI’s biggest bottleneck: deployment
/in General NewsCognita.ai secures $15M Series A funding to transform enterprise AI implementation, reducing deployment time from 8 months to 12 weeks while delivering practical, measurable business outcomes through its Zunō platform.Read More
Security News | VentureBeat – Read More
Five Eyes Agencies Release Guidance on Securing Edge Devices
/in General NewsFive Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats.
The post Five Eyes Agencies Release Guidance on Securing Edge Devices appeared first on SecurityWeek.
SecurityWeek – Read More
If you’re not working on quantum-safe encryption now, it’s already too late
/in General NewsQuantum computers could soon break today’s strongest encryption, putting sensitive data at risk. Let’s dive deep into what this all means for telecommunications, security, AI, and our future.
Latest stories for ZDNET in Security – Read More
Cisco Patches Critical Vulnerabilities in Enterprise Management Product
/in General NewsCritical vulnerabilities in Cisco Identity Services Engine could lead to elevation of privileges and system configuration modifications.
The post Cisco Patches Critical Vulnerabilities in Enterprise Management Product appeared first on SecurityWeek.
SecurityWeek – Read More
Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
/in General NewsThe blame of security incidents may be shared—but the burden of response always falls on the security team. Here’s how to prepare for the inevitable.
The post Security Teams Pay the Price: The Unfair Reality of Cyber Incidents appeared first on SecurityWeek.
SecurityWeek – Read More
Top 3 Ransomware Threats Active in 2025
/in General NewsYou arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: “Pay $2 million in Bitcoin within 48 hours or lose everything.”
And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
The Hacker News – Read More
Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
/in General NewsResearchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams.
The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek.
SecurityWeek – Read More
7AI Raises $36 Million in Seed Funding for Agentic Security Platform
/in General News7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks, and raised $36 million in seed funding.
The post 7AI Raises $36 Million in Seed Funding for Agentic Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More