BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
/in General NewsResearchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams.
The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek.
SecurityWeek – Read More
7AI Raises $36 Million in Seed Funding for Agentic Security Platform
/in General News7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks, and raised $36 million in seed funding.
The post 7AI Raises $36 Million in Seed Funding for Agentic Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
/in General NewsCisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.
The vulnerabilities are listed below –
CVE-2025-20124 (CVSS score: 9.9) – An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
The Hacker News – Read More
Basket of Bank Trojans Defraud Citizens of East India
/in General NewsCheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.
darkreading – Read More
The Impact of Cybersecurity on Game Development
/in General NewsThe gaming industry has grown into a massive global market, with millions of players engaging in online multiplayer…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Italy says Paragon spyware targeted victims in dozens of European countries
/in General NewsSeven Italians and victims in more than a dozen other European countries were targeted with spyware as part of a broad hacking campaign revealed by WhatsApp on Friday, the Italian government said.
The Record from Recorded Future News – Read More
Spanish police arrest hacker accused of attacks on NATO, US Army
/in General NewsOfficials accused the hacker of breaching systems used by the United Nations, the International Civil Aviation Organization, NATO and the U.S. Army, as well as several government bodies in Spain.
The Record from Recorded Future News – Read More
The biggest breach of US government data is under way
/in General NewsElon Musk’s DOGE has taken control and accessed large swathes of Americans’ private information held by the U.S. federal government.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise
/in General NewsCISA adds four new vulnerabilities to its catalog, urging agencies to remediate risks. Learn about the latest exploits and how they impact enterprise security.
Security | TechRepublic – Read More
Semgrep Raises $100M for AI-Powered Code Security Platform
/in General NewsSan Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures.
The post Semgrep Raises $100M for AI-Powered Code Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More