BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Android could soon protect you from malicious apps by quarantining them
/in General NewsQuarantining an Android app will hide its screens and notifications, prevent it from ringing your device, and make sure its services can’t be called by other apps.
Latest stories for ZDNET in Security – Read More
Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020
/in General NewsNearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.
Security | TechRepublic – Read More
US Government and OpenSSF Partner on New SBOM Management Tool
/in General NewsProtobom, the new open source software tool, will help all organizations read and generate SBOMs and file data, as well as translate this data across standard industry SBOM formats.
Cyware News – Latest Cyber News – Read More
Global Police Operation Disrupts ‘LabHost’ Phishing Service, Over 30 Arrested Worldwide
/in General NewsAs many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world.
Cyware News – Latest Cyber News – Read More
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
/in General NewsMalicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek.
SecurityWeek – Read More
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
/in General NewsSelect Ukrainian government networks have remained infected with a malware called OfflRouter since 2015.
Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.
“The documents contained VBA code to drop and run an executable with the name ‘ctrlpanel.exe,'”
The Hacker News – Read More
United Nations Agency Investigating Ransomware Attack Involving Data Theft
/in General NewsUnited Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data.
The post United Nations Agency Investigating Ransomware Attack Involving Data Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Multi-Data Platform SIEM Anvilogic Raises $45 Million
/in General NewsSilicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners.
The post Multi-Data Platform SIEM Anvilogic Raises $45 Million appeared first on SecurityWeek.
SecurityWeek – Read More
IT and Security Professionals Demand More Workplace Flexibility
/in General NewsThe concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti.
Cyware News – Latest Cyber News – Read More
FIN7 Targets American Automaker’s IT Staff in Phishing Attacks
/in General NewsThe financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
Cyware News – Latest Cyber News – Read More