BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
/in General NewsSome of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.
This week’s stories aren’t just about what was attacked—but how easily it happened. If we’re only looking for the obvious signs, what are we missing right in front
The Hacker News – Read More
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
/in General NewsIntroduction
The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate
The Hacker News – Read More
Anubis Ransomware Packs a Wiper to Permanently Delete Files
/in General NewsThe emerging Anubis ransomware becomes a major threat, permanently deleting user files and making recovery impossible.
The post Anubis Ransomware Packs a Wiper to Permanently Delete Files appeared first on SecurityWeek.
SecurityWeek – Read More
Why We Made a Guide to Winning a Fight
/in General NewsRight now, everyone seems ready to throw down. More than ever, it’s important to fight smart—and not give up until you land a decisive blow.
Security Latest – Read More
Red Teaming AI: The Build Vs Buy Debate
/in General NewsA strong AI deployment starts with asking the right questions, mapping your risks, and thinking like an adversary — before it’s too late.
The post Red Teaming AI: The Build Vs Buy Debate appeared first on SecurityWeek.
SecurityWeek – Read More
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
/in General NewsThree high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code, with System privileges.
The post High-Severity Vulnerabilities Patched in Tenable Nessus Agent appeared first on SecurityWeek.
SecurityWeek – Read More
Canadian Airline WestJet Hit by Cyberattack
/in General NewsA cybersecurity incident at WestJet resulted in users experiencing interruptions when accessing the company’s application and website.
The post Canadian Airline WestJet Hit by Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
/in General NewsCybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox,
The Hacker News – Read More
Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach
/in General NewsHackers leak data of 10,000 VirtualMacOSX customers in alleged breach, exposing names, emails, passwords, and financial details on a hacking forum.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
How to Monetize Unity Apps: Best Practices
/in General NewsUnity is one of the most popular game engines for mobile and cross-platform app development. It powers millions…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More