BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
/in General NewsMalicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek.
SecurityWeek – Read More
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
/in General NewsSelect Ukrainian government networks have remained infected with a malware called OfflRouter since 2015.
Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.
“The documents contained VBA code to drop and run an executable with the name ‘ctrlpanel.exe,'”
The Hacker News – Read More
United Nations Agency Investigating Ransomware Attack Involving Data Theft
/in General NewsUnited Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data.
The post United Nations Agency Investigating Ransomware Attack Involving Data Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Multi-Data Platform SIEM Anvilogic Raises $45 Million
/in General NewsSilicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners.
The post Multi-Data Platform SIEM Anvilogic Raises $45 Million appeared first on SecurityWeek.
SecurityWeek – Read More
IT and Security Professionals Demand More Workplace Flexibility
/in General NewsThe concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti.
Cyware News – Latest Cyber News – Read More
FIN7 Targets American Automaker’s IT Staff in Phishing Attacks
/in General NewsThe financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
Cyware News – Latest Cyber News – Read More
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
/in General NewsThe infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak).
“FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights,” the BlackBerry research and intelligence team said in a new write-up.
“They
The Hacker News – Read More
Break Security Burnout: Combining Leadership With Neuroscience
/in General NewsIndustry leaders aim to solve the threat to both the mental health of workers and security of organizations with solutions that recognize the enormous pressures facing cybersecurity professionals.
darkreading – Read More
Five Eyes Agencies Release New AI Security Guidance
/in General NewsFive Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems.
The post Five Eyes Agencies Release New AI Security Guidance appeared first on SecurityWeek.
SecurityWeek – Read More
Rebalancing NIST: Why ‘Recovery’ Can’t Stand Alone
/in General NewsThe missing ingredient in NIST’s newest cybersecurity framework? Recovery.
darkreading – Read More