BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management
/in General NewsJoin the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.
The post Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.
SecurityWeek – Read More
The US Is Storing Migrant Children’s DNA in a Criminal Database
/in General NewsCustoms and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.
Security Latest – Read More
‘Haozi’ Gang Sells Turnkey Phishing Tools to Amateurs
/in General NewsThe phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.
darkreading – Read More
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
/in General NewsAgentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
The post Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
/in General NewsGoogle on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
“Misuse of cloud
The Hacker News – Read More
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
/in General NewsCybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
The Hacker News – Read More
DanaBot takedown shows how agentic AI cut months of SOC analysis to weeks
/in General NewsAgentic AI played a decisive role in dismantling DanaBot, a Russian malware platform responsible for more than 50 million dollars in damages.Read More
Security News | VentureBeat – Read More
OneDrive File Picker Flaw Gives Apps Full Access to User Drives
/in General NewsA recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Security startup Horizon3.ai is raising $100M in new round
/in General NewsHorizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week. NEA led the round, according to two people familiar with the deal. One person said that […]
Security News | TechCrunch – Read More
Hundreds of Web Apps Have Full Access to Microsoft OneDrive Files
/in General NewsResearchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.
darkreading – Read More