BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
Poland Says it was Targeted by Russian Military Intelligence Hackers
/in General NewsPoland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU.
Cyware News – Latest Cyber News – Read More
Generative AI is a Looming Cybersecurity Threat
/in General NewsResearchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
Cyware News – Latest Cyber News – Read More
With Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design Pledge
/in General NewsThe CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China.
Cyware News – Latest Cyber News – Read More
Criminal Use of AI Growing, But Lags Behind Defenders
/in General NewsWhen not scamming other criminals, criminals are concentrating on the use of mainstream AI products rather than developing their own AI systems.
The post Criminal Use of AI Growing, But Lags Behind Defenders appeared first on SecurityWeek.
SecurityWeek – Read More
Security Tools Fail to Translate Risks for Executives
/in General NewsCISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.
Cyware News – Latest Cyber News – Read More
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Payload Delivery
/in General NewsIn the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the “/api/v1/license/key-status/;” endpoint, which is vulnerable to command injection, and inject the payload.
Cyware News – Latest Cyber News – Read More
Upgrade Your Cybersecurity With This VPN That’s Only $70 for Three Years
/in General NewsWindscribe VPN gives you tools to block ads, create a safe hotspot, spoof your location, and more for the 3 years for the best price online.
Security | TechRepublic – Read More
How Government Agencies Can Leverage Grants to Shore Up Cybersecurity
/in General NewsWith the help of grant funding, agencies and organizations can better defend themselves and their constituents.
darkreading – Read More
LockBit Takes Credit for City of Wichita Ransomware Attack
/in General NewsThe LockBit cybercrime group has taken credit for the recent ransomware attack that disrupted City of Wichita systems.
The post LockBit Takes Credit for City of Wichita Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Announces CVE Enrichment Project ‘Vulnrichment’
/in General NewsCISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.
The post CISA Announces CVE Enrichment Project ‘Vulnrichment’ appeared first on SecurityWeek.
SecurityWeek – Read More