BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Fake Kling AI Malvertisements Lure Victims With False Promises
/in General NewsResearchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim.
darkreading – Read More
Senators question Noem about CISA cuts, but get few details
/in General NewsHomeland Security Secretary Kristi Noem declined to provide specifics on what would be removed from the nation’s leading cybersecurity agency in light of the Trump administration’s proposed $491 million budget cut to the organization.
The Record from Recorded Future News – Read More
Ohio’s Kettering Health system facing widespread outages after cyberattack
/in General NewsThe Kettering Health network based in western Ohio reported a system-wide technology outage that it tracked to “unauthorized access.”
The Record from Recorded Future News – Read More
Virgin Media 02 Vuln Exposes Call Recipient Location
/in General NewsA hacker exploiting the security flaw in the mobile provider’s network could have potentially located a call recipient with accuracy of up to 100 square meters.
darkreading – Read More
Cyberthreat to Alabama state government ‘neutralized’
/in General NewsAfter a cyberattack first identified about 10 days ago, Alabama’s IT leaders said the “threat has been neutralized and Alabama’s core operations are safe and stable.”
The Record from Recorded Future News – Read More
AI agent adoption is driving increases in opportunities, threats, and IT budgets
/in General NewsWhile 79% of security leaders believe that AI agents will introduce new security and compliance challenges, 80% say AI agents will introduce new security opportunities.
Latest stories for ZDNET in Security – Read More
Bumblebee Malware Takes Flight via Trojanized VMware Utility
/in General NewsAn employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.
darkreading – Read More
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
/in General NewsAn unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code.
“The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
The Hacker News – Read More
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
/in General NewsInfoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
‘Hazy Hawk’ Cybercrime Gang Swoops In for Cloud Resources
/in General NewsSince December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.
darkreading – Read More