BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles
/in General NewsThe company hasn’t acknowledged responsibility for the incident, although allowing scraping paves the way for dangerous follow-on attacks.
darkreading – Read More
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
/in General NewsHackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.
“The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,”
The Hacker News – Read More
Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments
/in General NewsPost Content
darkreading – Read More
Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests
/in General NewsThe Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.
Security Latest – Read More
Cyber League: UK’s NCSC Calls on Industry Experts to Join its Fight Against Cyber Threats
/in General NewsThe NCSC wants volunteers from the U.K.’s public and private sectors to join its new cybersecurity community.
Security | TechRepublic – Read More
Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack
/in General NewsBy Waqas
The data breach occurred a few days before Christmas on December 21, 2023, but the details have only been revealed now.
This is a post from HackRead.com Read the original post: Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Kasseika Ransomware Linked to BlackMatter in BYOVD Attack
/in General NewsAn emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger “bring your own vulnerable driver” trend.
darkreading – Read More
How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production
/in General NewsAn external threat actor in possession of a Google account could misuse this misconfiguration by using their own Google OAuth 2.0 bearer token to seize control of the cluster for follow-on exploitation.
Cyware News – Latest Cyber News – Read More
Water Services Giant Veolia North America Hit by Ransomware Attack
/in General NewsThe company has discovered a limited number of individuals whose personal information may have been impacted during the breach and is working with a third-party forensics firm to assess the extent of the attack’s impact on its operations and systems.
Cyware News – Latest Cyber News – Read More
Windows 11 KB5034204 Update Fixes Bluetooth Audio Issues, 24 bugs
/in General NewsKB5034204 also fixes an issue caused by a deadlock that prevents search from working on the Start menu for some users and addresses a bug affecting the OpenType font driver, affecting how text renders for third-party applications.
Cyware News – Latest Cyber News – Read More