BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
OAuth Attacks Target Microsoft 365, GitHub
/in General NewsIn a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.
darkreading – Read More
ClickFix Attack Compromises 100+ Car Dealership Sites
/in General NewsThe ClickFix attack tactic seems to be gaining traction among threat actors.
darkreading – Read More
GitHub restores code following malicious changes to tj-actions tool
/in General NewsGitHub was forced to take action this weekend to help users after a threat actor compromised a popular open source package used by more than 23,000 organizations.
The Record from Recorded Future News – Read More
Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
/in General NewsMedusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.
Security | TechRepublic – Read More
This slick Linux browser is like a tricked-out Opera – and it’s faster than Firefox
/in General NewsLooking for a web browser that is as cool looking as it is secure and private? Take a look at this fork of Floorp.
Latest stories for ZDNET in Security – Read More
ChatGPT Down as Users Report “Gateway Time-out” Error
/in General NewsChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum
/in General NewsExploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek.
SecurityWeek – Read More
Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit
/in General NewsThe researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.
darkreading – Read More
Texas man faces prison for activating ‘kill switch’ on former employer’s network
/in General NewsSoftware developer Davis Lu was found guilty of sabotaging the company’s systems.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
NIST Announces HQC as Fifth Standardized Post Quantum Algorithm
/in General NewsFirst choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC.
The post NIST Announces HQC as Fifth Standardized Post Quantum Algorithm appeared first on SecurityWeek.
SecurityWeek – Read More