BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Maze Banks $25M to Tackle Cloud Security with AI Agents
/in General NewsMaze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process.
The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek.
SecurityWeek – Read More
Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices
/in General NewsVulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.
SecurityWeek – Read More
Install this Windows patch ASAP before bootkit malware takes over your PC – here’s how
/in General NewsThe flaw is able to skirt past your usual security protection and evade detection, but Microsoft has a patch.
Latest stories for ZDNET in Security – Read More
Operation Secure: INTERPOL Disrupts 20,000 Infostealer Domains, 32 Arrested
/in General NewsINTERPOL disrupts 20,000 infostealer domains in major cybercrime crackdown across Asia-Pacific, 32 arrested, 216K victims notified in Operation Secure.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape
/in General NewsLearn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.
The post Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.
SecurityWeek – Read More
Outset raises $17M to replace human interviewers with AI agents for enterprise research
/in General NewsOutset raises $17M Series A to scale its AI-moderated research platform used by Nestlé, Microsoft, and WeightWatchers that’s 8x faster and 81% cheaper than traditional market research.Read More
Security News | VentureBeat – Read More
Fortinet, Ivanti Patch High-Severity Vulnerabilities
/in General NewsPatches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.
The post Fortinet, Ivanti Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Mirai Botnets Exploit Flaw in Wazuh Security Platform
/in General NewsThe two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs.
darkreading – Read More
Cyera Raises $540 Million to Expand AI-Powered Data Security Platform
/in General NewsSeries E funding round brings Cyera’s total funding to over $1.3 billion and values the data security firm at $6 billion.
The post Cyera Raises $540 Million to Expand AI-Powered Data Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
/in General NewsInvestigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
The post Recently Disrupted DanaBot Leaked Valuable Data for 3 Years appeared first on SecurityWeek.
SecurityWeek – Read More