BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Identity Security Has an Automation Problem—And It’s Bigger Than You Think
/in General NewsFor many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows.
Core workflows, like
The Hacker News – Read More
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
/in General NewsDespite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
The post Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
/in General NewsCisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.
The post Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Signal’s new Windows update prevents the system from capturing screenshots of chats
/in General NewsSignal said today that it is updating its Windows app to prevent the system from capturing screenshots, thereby protecting the content that is on display. The company said that this new “screen security” setting is enabled by default on Windows 11. Signal said that this new feature is designed to protect users’ privacy from Microsoft’s […]
Security News | TechCrunch – Read More
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
/in General NewsCary, North Carolina, 22nd May 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
GitLab, Atlassian Patch High-Severity Vulnerabilities
/in General NewsGitLab and Atlassian have released patches for over a dozen vulnerabilities in their products, including high-severity bugs.
The post GitLab, Atlassian Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains
/in General NewsMicrosoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks
/in General NewsWiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls.
darkreading – Read More
Lumma Stealer Takedown Reveals Sprawling Operation
/in General NewsThe FBI and partners have disrupted “the world’s most popular malware,” a sleek enterprise with thousands of moving parts, responsible for millions of cyberattacks in every part of the world.
darkreading – Read More
I thought my favorite browser blocked trackers but this free privacy tool proved me wrong
/in General NewsCover Your Tracks opened my eyes… and made me switch browsers ASAP.
Latest stories for ZDNET in Security – Read More