BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
When is One Vulnerability Scanner Not Enough?
/in General NewsLike antivirus software, vulnerability scans rely on a database of known weaknesses.
That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space.
The benefits of using multiple scanning engines
Generally speaking
The Hacker News – Read More
US Warns of Russian Hackers Targeting Operational Technology in Water Systems
/in General NewsThe alert says that water operators are employing poor security standards that have allowed the hackers to breach their networks, including the use of default passwords that are included when the water system management tools are first installed.
Cyware News – Latest Cyber News – Read More
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
/in General NewsWeaponizing Microsoft’s own services for command-and-control is simple and costless, and it helps attackers better avoid detection.
darkreading – Read More
Cyber Startup Oasis Secures $35 Million Series A Extension, Doubles Valuation
/in General NewsThe extension round was led by existing investors Accel, Cyberstarts, and Sequoia Capital, along with private investors. Oasis has now raised a total of $75 million, including its seed round and previous Series A.
Cyware News – Latest Cyber News – Read More
AI is Creating a New Generation of Cyberattacks
/in General NewsMost businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea.
Cyware News – Latest Cyber News – Read More
Iranian Hackers Impersonate Journalists in Social Engineering Campaign
/in General NewsA hacking group linked to the intelligence wing of Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, according to research released Wednesday by Mandiant and Google Cloud.
Cyware News – Latest Cyber News – Read More
Corelight Gets $150M to Expand Detection, Improve Workflows
/in General NewsThe latest investment will allow Corelight to deepen its relationship with existing partners, while extending its expertise from large enterprises and government entities to the enterprise sector.
Cyware News – Latest Cyber News – Read More
Dropbox Data Breach Impacts Customer Information
/in General NewsDropbox says hackers breached its Sign production environment and accessed customer email addresses and hashed passwords.
The post Dropbox Data Breach Impacts Customer Information appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.
Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email
The Hacker News – Read More
‘DuneQuixote’ Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?
/in General NewsA recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.
darkreading – Read More