BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
/in General NewsCisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.
The vulnerabilities are listed below –
CVE-2025-20124 (CVSS score: 9.9) – An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
The Hacker News – Read More
Basket of Bank Trojans Defraud Citizens of East India
/in General NewsCheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.
darkreading – Read More
The Impact of Cybersecurity on Game Development
/in General NewsThe gaming industry has grown into a massive global market, with millions of players engaging in online multiplayer…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Italy says Paragon spyware targeted victims in dozens of European countries
/in General NewsSeven Italians and victims in more than a dozen other European countries were targeted with spyware as part of a broad hacking campaign revealed by WhatsApp on Friday, the Italian government said.
The Record from Recorded Future News – Read More
Spanish police arrest hacker accused of attacks on NATO, US Army
/in General NewsOfficials accused the hacker of breaching systems used by the United Nations, the International Civil Aviation Organization, NATO and the U.S. Army, as well as several government bodies in Spain.
The Record from Recorded Future News – Read More
The biggest breach of US government data is under way
/in General NewsElon Musk’s DOGE has taken control and accessed large swathes of Americans’ private information held by the U.S. federal government.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise
/in General NewsCISA adds four new vulnerabilities to its catalog, urging agencies to remediate risks. Learn about the latest exploits and how they impact enterprise security.
Security | TechRepublic – Read More
Semgrep Raises $100M for AI-Powered Code Security Platform
/in General NewsSan Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures.
The post Semgrep Raises $100M for AI-Powered Code Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Proton Pass vs. 1Password: Which password manager is right for you?
/in General NewsProton Pass and 1Password offer secure password safekeeping with similarly priced plans. Still, one service may suit your needs better than the other. Here’s how to pick the right one.
Latest stories for ZDNET in Security – Read More
Google releases responsible AI report while removing its anti-weapons pledge
/in General NewsThe company’s annual reflection on safe AI development comes amid shifting guidance around military AI.
Latest stories for ZDNET in Security – Read More