BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Hackers steal and destroy millions from Iran’s largest crypto exchange
/in General NewsIt’s the latest cyberattack on Iran claimed by a pro-Israeli hacking group since the latest flare up in tensions between the two countries.
Security News | TechCrunch – Read More
How CISOs Can Govern AI & Meet Evolving Regulations
/in General NewsSecurity teams are no longer just the last line of defense — they are the foundation for responsible AI adoption.
darkreading – Read More
Eufy’s new smart display gives Amazon and Google a run for their money – how it works
/in General NewsThe Smart Display E10 tablet offers facial recognition, quad-view live stream, event summaries, and a built-in battery for portability.
Latest stories for ZDNET in Security – Read More
Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks
/in General NewsAn unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.
darkreading – Read More
Critical Vulnerability Patched in Citrix NetScaler
/in General NewsCitrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.
The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek.
SecurityWeek – Read More
WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models
/in General NewsCato CTRL uncovers new WormGPT variants on Telegram powered by jailbroken Grok and Mixtral. Learn how cybercriminals jailbreak top LLMs for uncensored, illegal activities in this latest threat research.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
FedRAMP at Startup Speed: Lessons Learned
/in General NewsFor organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing.
In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing
The Hacker News – Read More
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security
/in General NewsAdopting a layered defense strategy that includes human-centric tools and updating security components.
The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek.
SecurityWeek – Read More
OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract
/in General NewsOpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges.
The post OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome 137 Update Patches High-Severity Vulnerabilities
/in General NewsGoogle has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components.
The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More