BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
/in General NewsThe U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors’ attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties.
The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.
“The
The Hacker News – Read More
Attack Report: Custom QR Code Phishing Templates
/in General NewsHackers are using custom QR code templates that are personalized for each target organization, making the attacks appear more legitimate and increasing their chances of success.
Cyware News – Latest Cyber News – Read More
Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps
/in General NewsMicrosoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations.
The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.
SecurityWeek – Read More
Essential Steps for Zero-Trust Strategy Implementation
/in General NewsAccording to Gartner, 63% of organizations worldwide have fully or partially implemented a zero-trust strategy. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.
Cyware News – Latest Cyber News – Read More
Watch Out for Tech Support Scams Lurking in Sponsored Search Results
/in General NewsScammers often impersonate reputable companies like CNN and Amazon, leading users to malicious sites. Victims are urged to call fake tech support numbers, leading to costly scams.
Cyware News – Latest Cyber News – Read More
NASA Doesn’t Know if Its Spacecraft Have Adequate Cyber Defenses, GAO Warns
/in General NewsNASA has been cautioned by the Government Accountability Office (GAO) for not having mandatory security guidance in place for its spacecraft acquisition policies and standards.
Cyware News – Latest Cyber News – Read More
White House Issues National Security Memorandum for Critical Infrastructure
/in General NewsThe White House has published a national security memorandum focusing on critical infrastructure security and resilience.
The post White House Issues National Security Memorandum for Critical Infrastructure appeared first on SecurityWeek.
SecurityWeek – Read More
Lawsuits and Company Devaluations Await For Breached Firms
/in General NewsA new report from Netwrix has laid bare the significant financial and reputational costs stemming from serious cyber-attacks, including what are often unplanned expenses.
Cyware News – Latest Cyber News – Read More
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes
/in General News“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more.
Security Latest – Read More
Why Cloud Vulnerabilities Need CVEs
/in General NewsCloud services have introduced new challenges for vulnerability management, as organizations no longer control the underlying infrastructure and must focus on configuration management rather than just patching.
Cyware News – Latest Cyber News – Read More