BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
/in General NewsOne cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker.
The Record from Recorded Future News – Read More
Getting Outlook.com Ready for Bulk Email Compliance
/in General NewsMicrosoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.
darkreading – Read More
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
/in General NewsCybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.
The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.
“Pinging functionality that can report back to a command-and-control (C&C) server
The Hacker News – Read More
Canadian Electric Utility Hit by Cyberattack
/in General NewsNova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks.
The post Canadian Electric Utility Hit by Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats
/in General NewsA LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot.
darkreading – Read More
Think Twice Before Creating That ChatGPT Action Figure
/in General NewsPeople are using ChatGPT’s new image generator to take part in viral social media trends. But using it also puts your privacy at risk—unless you take a few simple steps to protect yourself.
Security Latest – Read More
When Threat Actors Behave Like Managed Service Providers
/in General NewsHow one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.
darkreading – Read More
Astronomer’s $93M raise underscores a new reality: Orchestration is king in AI infrastructure
/in General NewsAstronomer secures $93 million in Series D funding to solve the AI implementation gap through data orchestration, helping enterprises streamline complex workflows and operationalize AI initiatives at scale.Read More
Security News | VentureBeat – Read More
Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
/in General NewsRussia’s cyberattacks on Ukraine have increased dramatically, targeting the country’s government and defense infrastructure.
darkreading – Read More
Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tools
/in General NewsThe advantages AI tools deliver in speed and efficiency are impossible for developers to resist. But the complexity and risk created by AI-generated code can’t be ignored.
The post Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tools appeared first on SecurityWeek.
SecurityWeek – Read More