BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Medical Billing Firm Medusind Says Data Breach Impacts 360,000 People
/in General NewsMedical billing solutions provider Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals.
The post Medical Billing Firm Medusind Says Data Breach Impacts 360,000 People appeared first on SecurityWeek.
SecurityWeek – Read More
GFI KerioControl Firewall Vulnerability Exploited in the Wild
/in General NewsThreat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution.
The post GFI KerioControl Firewall Vulnerability Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More
Thousands of Live Hacker Backdoors Found in Expired Domains
/in General NewsSUMMARY Cybersecurity researchers at watchTowr have identified over 4,000 live hacker backdoors, exploiting abandoned infrastructure and expired domains.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool
/in General NewsPalo Alto Networks has released patches for multiple vulnerabilities in the Expedition migration tool, which was retired on December 31, 2024.
The post Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool appeared first on SecurityWeek.
SecurityWeek – Read More
From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025
/in General NewsIn the face of ever-growing threats and adversaries, organizations must break down the silos between ALL teams involved in security.
The post From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
Cohere just launched ‘North’, its biggest AI bet yet for privacy-focused enterprises
/in General NewsCohere launches North, a secure enterprise AI platform outperforming Microsoft Copilot and Google Vertex AI in testing, with Royal Bank of Canada among early adopters implementing the technology for regulated industries.Read More
Security News | VentureBeat – Read More
Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies
/in General NewsGoogle Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.
The post Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies appeared first on SecurityWeek.
SecurityWeek – Read More
The School Shootings Were Fake. The Terror Was Real
/in General NewsThe inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide—and the private detective who tracked him down.
Security Latest – Read More
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
/in General NewsThe European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc’s own data privacy regulations.
The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the region.
The court determined that
The Hacker News – Read More
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
/in General NewsIvanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024.
The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2
The Hacker News – Read More