BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
35,000 Solar Power Systems Exposed to Internet
/in General NewsResearchers from Forescout have analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices.
The post 35,000 Solar Power Systems Exposed to Internet appeared first on SecurityWeek.
SecurityWeek – Read More
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
/in General NewsHewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution.
“These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,
The Hacker News – Read More
Trustifi Raises $25 Million for AI-Powered Email Security
/in General NewsTrustifi has raised $25 million in Series A funding to accelerate its product roadmap and go-to-market initiatives.
The post Trustifi Raises $25 Million for AI-Powered Email Security appeared first on SecurityWeek.
SecurityWeek – Read More
TXOne Networks Introduces Capability for Intelligent Vulnerability Mitigation
/in General NewsPost Content
darkreading – Read More
‘Crocodilus’ Sharpens Its Teeth on Android Users
/in General NewsThe data-stealing malware initially targeted users in Turkey but has since evolved into a global threat.
darkreading – Read More
LayerX Launches ExtensionPedia
/in General NewsPost Content
darkreading – Read More
Victoria’s Secret Delays Earnings Call Due to Cyber Incident
/in General NewsBut that didn’t stop the clothing retailer from issuing preliminary results for the first quarter of 2025.
darkreading – Read More
Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords
/in General NewsA new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Phonely’s new AI agents hit 99% accuracy—and customers can’t tell they’re not human
/in General NewsPhonely, Maitai and Groq achieve breakthrough in AI phone support with sub-second response times and 99.2% accuracy, enabling human-level conversational AI for call centers.Read More
Security News | VentureBeat – Read More
Chrome Drops Trust for Chunghwa, Netlock Certificates
/in General NewsDigital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
darkreading – Read More