BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Cybersecurity M&A Roundup: 23 Deals Announced in March 2025
/in General NewsLess than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025.
The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability
/in General NewsTwo CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.
The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
39 Million Secrets Leaked on GitHub in 2024
/in General NewsGitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Want AI to work for your business? Then privacy needs to come first
/in General NewsCisco’s latest study reveals how strong privacy practices are becoming a competitive advantage for businesses adopting AI – and why companies are shifting budgets to keep up.
Latest stories for ZDNET in Security – Read More
Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks
/in General NewsCisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.
The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent
/in General NewsCybersecurity researchers have disclosed details of a new vulnerability impacting Google’s Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target’s device without their approval.
The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by
The Hacker News – Read More
Google Released Second Fix for Quick Share Flaws After Patch Bypass
/in General NewsGoogle’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.
The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first on SecurityWeek.
SecurityWeek – Read More
The big VPN choice: System-wide or just in the browser? How to decide
/in General NewsVPNs are a must for privacy, but should you protect your whole system or just use a VPN in your browser? Here’s the difference and how to decide which option is best for you.
Latest stories for ZDNET in Security – Read More
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
/in General NewsCounterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.
“More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.
Triada is the
The Hacker News – Read More
Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
/in General NewsWhile Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.
darkreading – Read More