BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
/in General NewsAn investigation into more than 300 cyberattacks against US K–12 schools over the past five years shows how schools can withhold crucial details from students and parents whose data was stolen.
Security Latest – Read More
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
/in General NewsMicrosoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below –
CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service
The Hacker News – Read More
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
/in General NewsGoogle has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
The Hacker News – Read More
Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform
/in General NewsCybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
The Hacker News – Read More
Anthropic claims new AI security method blocks 95% of jailbreaks, invites red teamers to try
/in General NewsThe new Claude safeguards have already technically been broken but Anthropic says this was due to a glitch — try again.Read More
Security News | VentureBeat – Read More
Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon
/in General NewsThe feature will no longer be available starting Feb. 28. Microsoft wants to focus on “new areas that will better align to customer needs.”
Security | TechRepublic – Read More
Hackers Hide Malware in Fake DeepSeek PyPI Packages
/in General NewsMalicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits
/in General NewsPost Content
darkreading – Read More
‘Constitutional Classifiers’ Technique Mitigates GenAI Jailbreaks
/in General NewsAnthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.
darkreading – Read More
EMEA CISOs Plan 2025 Cloud Security Investment
/in General NewsPost Content
darkreading – Read More