BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Crypto Stealing PyPI Malware Hits Both Windows and Linux Users
/in General NewsBy Deeba Ahmed
FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI),…
This is a post from HackRead.com Read the original post: Crypto Stealing PyPI Malware Hits Both Windows and Linux Users
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New Soap2day Domains Emerge Despite Legal Challenges
/in General NewsBy Waqas
Soap2day: From Ashes to Pixels – The Curious Case of a Streaming Phoenix.
This is a post from HackRead.com Read the original post: New Soap2day Domains Emerge Despite Legal Challenges
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
23andMe Failed to Detect Account Intrusions for Months
/in General NewsPlus: North Korean hackers get into generative AI, a phone surveillance tool that can monitor billions of devices gets exposed, and ambient light sensors pose a new privacy risk.
Security Latest – Read More
The future of biometrics in a zero trust world
/in General NewsBadge operates on a cryptographically zero-knowledge basis, not trusting any party with sensitive data, and offers quantum resistance for future-proof security.Read More
Security News | VentureBeat – Read More
Study finds AI ‘revolution’ moving at a crawl in enterprises
/in General NewsA new survey reveals that despite the hype around generative AI, real-world enterprise adoption remains low due to barriers like skills gaps, infrastructure constraints, and overall AI integration challenges.Read More
Security News | VentureBeat – Read More
NRC Issues Recommendations for Better Network, Software Security
/in General NewsThe Network Resilience Coalition pushes adoption of standards like SSDF, OpenEoX and CISA’s Secure By Design and Default framework.
darkreading – Read More
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
/in General NewsMexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT.
The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021.
“Lures use Mexican Social
The Hacker News – Read More
Update: Nearly 800 GoAnywhere Instances are Unpatched, Exposed to Critical CVE
/in General NewsThe majority of GoAnywhere MFT admin interfaces running on default port settings are hosted in the U.S., with more than 3 in 5 publicly exposed instances hosted on cloud networks operated by Amazon, Microsoft, and Google.
Cyware News – Latest Cyber News – Read More
Therapy Provider Notifying 4 Million Patients of PJ&A Hack
/in General NewsThe breach has impacted at least 14 million patients across various organizations. The hack prompted a warning from New York’s attorney general about potential identity theft and fraud risks.
Cyware News – Latest Cyber News – Read More
Update: Akira Ransomware Gang Says It Stole Passport Scans From Lush
/in General NewsThe Akira ransomware gang has claimed responsibility for a cybersecurity incident at a British bath bomb merchant. They have stolen 110 GB of data, including personal documents such as passport scans, from the global cosmetics giant.
Cyware News – Latest Cyber News – Read More