BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
Inside Ukraine’s Killer-Drone Startup Industry
/in General NewsUkraine needs small drones to combat Russian forces—and is bootstrapping its own industry at home.
Security Latest – Read More
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
/in General NewsA new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests.
“This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent
The Hacker News – Read More
Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says
/in General NewsUnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.
The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says appeared first on SecurityWeek.
SecurityWeek – Read More
Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm
/in General NewsEveryone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say.
The post Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm appeared first on SecurityWeek.
SecurityWeek – Read More
Private Internet Search Is Still Finding Its Way
/in General NewsThe quest to keep data private while still being able to search may soon be within reach, with different companies charting their own paths.
darkreading – Read More
UnitedHealth Congressional Testimony Reveals Rampant Security Fails
/in General NewsThe breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change’s backup strategy failed.
darkreading – Read More
Intel 471 Acquires Cyborg Security
/in General NewsPost Content
darkreading – Read More
Cobalt’s 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs
/in General NewsPost Content
darkreading – Read More
Red Hat’s latest enterprise Linux delivers new features to tackle hybrid-cloud complexity
/in General NewsIn addition to unveiling RHEL 9.4, the company says it will support RHEL 7 for an extra four years.
Latest stories for ZDNET in Security – Read More
Shadow APIs: An Overlooked Cyber-Risk for Orgs
/in General NewsUnmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.
darkreading – Read More