BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Ransomware Group Claims Attack on Virginia Attorney General’s Office
/in General NewsThe Cloak ransomware group has claimed responsibility for a February cyberattack on Virginia Attorney General’s Office.
The post Ransomware Group Claims Attack on Virginia Attorney General’s Office appeared first on SecurityWeek.
SecurityWeek – Read More
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
/in General NewsThe threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.
Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS
The Hacker News – Read More
Why Cyber Quality Is the Key to Security
/in General NewsThe time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.
darkreading – Read More
New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
/in General NewsServiceNow vulnerability alert: Hackers are actively exploiting year-old flaws (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) for database access. Learn how to…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Russian zero-day seller is offering up to $4 million for Telegram exploits
/in General NewsTwo sources in the zero-day industry say Operation Zero’s prices for exploits against the popular messaging app Telegram will depend on different factors.
Security News | TechCrunch – Read More
Industry Reactions to Google Buying Wiz: Feedback Friday
/in General NewsIndustry professionals comment on Google acquiring cloud security giant Wiz for $32 billion in cash.
The post Industry Reactions to Google Buying Wiz: Feedback Friday appeared first on SecurityWeek.
SecurityWeek – Read More
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
/in General NewsThe China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations.
These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place
The Hacker News – Read More
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley
/in General NewsThe FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign.
The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek.
SecurityWeek – Read More
Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’ Intimate Photos
/in General NewsFormer NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos.
The post Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’ Intimate Photos appeared first on SecurityWeek.
SecurityWeek – Read More
How to Avoid US-Based Digital Services—and Why You Might Want To
/in General NewsAmid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here’s what you need to know.
Security Latest – Read More