BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
/in General NewsCybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts.
The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security.
LangSmith is an observability and evaluation platform that allows users to
The Hacker News – Read More
Hacklink Market Linked to SEO Poisoning Attacks in Google Results
/in General NewsCybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Rapid Rebuild Hackathon 2025: When Legacy Meets Innovation
/in General NewsConsider this: Berkshire Hathaway, Warren Buffett’s $700 billion conglomerate, operates one of the most influential investor websites on…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Private 5G: New Possibilities — and Potential Pitfalls
/in General NewsWhile ushering in “great operational value” for organizations, private 5G networks add yet another layer to CISOs’ responsibilities.
darkreading – Read More
Russia detects first SuperCard malware attacks skimming bank data via NFC
/in General NewsMalware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices’ near field communications (NFC) and steal payment card data.
The Record from Recorded Future News – Read More
Operation Endgame: Do Takedowns and Arrests Matter?
/in General NewsCybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
darkreading – Read More
UK watchdog fines 23andMe over 2023 data breach
/in General NewsThe ICO said over 150,000 U.K. residents had data stolen in the breach.
Security News | TechCrunch – Read More
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet
/in General NewsA vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
darkreading – Read More
US Insurance Industry Warned of Scattered Spider Attacks
/in General NewsGoogle is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector.
The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Circumvent Raises $6 Million for Cloud Security Platform
/in General NewsCloud security startup Circumvent has raised $6 million to develop a network of agents for autonomous prioritization and remediation.
The post Circumvent Raises $6 Million for Cloud Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More