BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Mississippi electric utility warns 20,000 residents of data breach
/in General NewsThe Yazoo Valley Electric Power Association initially warned customers in August of software problems. Last week, the utility disclosed that “unauthorized access” had led to a breach of sensitive customer information.
The Record from Recorded Future News – Read More
XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits
/in General NewsVietnamese cybercrime gang shifts from credit card-skimming to exploiting at least two zero-day vulnerabilities enterprise software product.
The post XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Finds DeepSeek R1 Highly Vulnerable to Harmful Prompts
/in General NewsDeepSeek R1, a cost-efficient AI model, achieves impressive reasoning but fails all safety tests in a new study…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft 365 is dumping its VPN – try these alternatives instead
/in General NewsThe company is retiring the VPN tool while raising prices for Microsoft 365 Personal and Family subscriptions.
Latest stories for ZDNET in Security – Read More
1-Click Phishing Campaign Targets High-Profile X Accounts
/in General NewsIn an attack vector that’s been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims.
darkreading – Read More
Cyber Insights 2025: Quantum and the Threat to Encryption
/in General News2025 is an important year – it is probably our last chance to start our migration to post quantum cryptography before we are all undone by cryptographically relevant quantum computers.
The post Cyber Insights 2025: Quantum and the Threat to Encryption appeared first on SecurityWeek.
SecurityWeek – Read More
Proactive Vulnerability Management for Engineering Success
/in General NewsBy integrating security into CI/CD, applying automated policies, and supporting developers with the right processes and tools, infosec teams can increase efficiency and build secure software.
darkreading – Read More
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
/in General NewsAs many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before
The Hacker News – Read More
How Builder.ai is Democratizing AI for the Next Billion Users
/in General NewsDubai UAE, UAE, 3rd February 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
How Thomson Reuters and Anthropic built an AI that lawyers actually trust
/in General NewsThomson Reuters integrates Anthropic’s Claude AI into its legal and tax platforms, enhancing CoCounsel with AI-powered tools that process professional content through secure Amazon cloud infrastructure.Read More
Security News | VentureBeat – Read More