BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Two Serbian journalists reportedly targeted with Pegasus spyware
/in General NewsTwo investigative journalists in Serbia were targeted with advanced commercial spyware last month, Amnesty International said Thursday.
The Record from Recorded Future News – Read More
The Importance of Allyship For Women in Cyber
/in General NewsInterview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship.
The post The Importance of Allyship For Women in Cyber appeared first on SecurityWeek.
SecurityWeek – Read More
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
/in General NewsAn advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
The Hacker News – Read More
Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations
/in General NewsUS defense contractor MORSE Corp has agreed to pay $4.6 million to settle allegations over its cybersecurity failures.
The post Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Groups Increasingly Adopting EDR Killer Tools
/in General NewsESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.
The post Ransomware Groups Increasingly Adopting EDR Killer Tools appeared first on SecurityWeek.
SecurityWeek – Read More
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
/in General NewsWhether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why
The Hacker News – Read More
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit
/in General NewsT-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.
The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek.
SecurityWeek – Read More
Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration
/in General NewsCybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
AI Security Firm Straiker Emerges From Stealth With $21M in Funding
/in General NewsStraiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications.
The post AI Security Firm Straiker Emerges From Stealth With $21M in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
More Solar System Vulnerabilities Expose Power Grids to Hacking
/in General NewsForescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.
The post More Solar System Vulnerabilities Expose Power Grids to Hacking appeared first on SecurityWeek.
SecurityWeek – Read More