BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
US Weakens Disinformation Defenses, as Russia & China Ramp Up
/in General NewsRussia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.
darkreading – Read More
Oracle Denies Claim of Oracle Cloud Breach of 6M Records
/in General NewsA threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.
darkreading – Read More
Cyberattack disrupts train ticket sales in Ukraine
/in General NewsUkrzaliznytsia, Ukraine’s state-owned railway operator, has been hit by a cyberattack that disrupted online ticket sales.
Security News | TechCrunch – Read More
Oracle Denies Cloud Breach After Hacker Offers to Sell Data
/in General NewsOracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records.
The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Firm Offers $4 Million for Telegram Exploits
/in General NewsA Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations. On March 20, the exploit broker announced on X that it was offering up […]
The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar Tomorrow: Which Security Testing Approach is Right for You?
/in General NewsUnderstand whether BAS, Automated Penetration Testing, or the combined approach of Adversarial Exposure Validation (AEV) aligns best with your organization’s unique security needs.
The post Webinar Tomorrow: Which Security Testing Approach is Right for You? appeared first on SecurityWeek.
SecurityWeek – Read More
US Lifts Sanctions Against Crypto Mixer Tornado Cash
/in General NewsThe US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash.
The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek.
SecurityWeek – Read More
FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US
/in General NewsThe FCC is investigating whether Chinese firms such as Huawei, ZTE and China Telecom are still operating in the US.
The post FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US appeared first on SecurityWeek.
SecurityWeek – Read More
Cloak Ransomware Hits Virginia Attorney General’s Office, Disrupts IT Systems
/in General NewsCloak ransomware group claims attack on Virginia attorney general’s office, demands ransom for stolen data. Investigation underway. Find out the impact and what’s being done.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
/in General NewsThe Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.
SecurityWeek – Read More