BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
/in General NewsA North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.
The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.
SecurityWeek – Read More
Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign
/in General NewsA state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.
darkreading – Read More
2023: A ‘Good’ Year for OT Cyberattacks
/in General NewsAttacks increased by “only” 19% last year. But that number is expected to grow significently.
darkreading – Read More
Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon
/in General NewsAs a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.
The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.
SecurityWeek – Read More
Fortify AI Training Datasets From Malicious Poisoning
/in General NewsJust like you should check the quality of the ingredients before you make a meal, it’s critical to ensure the integrity of AI training data.
darkreading – Read More
Hackers Publish Fake Story About Ukrainians Attempting To Assassinate Slovak President
/in General NewsAn unidentified attacker hacked a Czech news service’s website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Petr Pellegrini.
Cyware News – Latest Cyber News – Read More
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
/in General NewsAn exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
darkreading – Read More
Tines Bags $50 Million Funding for Security Workflow Automation
/in General NewsIrish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups.
The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
/in General NewsThe U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
The Hacker News – Read More
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
/in General NewsCybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad.
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
“SSLoad is designed to stealthily infiltrate systems, gather sensitive
The Hacker News – Read More