BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation
/in General NewsThe vulnerabilities affect SonicWall’s SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.
darkreading – Read More
Addressing the Top Cyber-Risks in Higher Education
/in General NewsAs attacks accelerate, security leaders must act to gain visibility across their entire institution’s network and systems and continuously educate their users on best practices.
darkreading – Read More
New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
/in General NewsCybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).
The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox.
The attacks have been observed to lure victims with bogus
The Hacker News – Read More
How to securely attach an Apple AirTag to pretty much anything
/in General NewsThe UFO-like design of AirTags makes them a pain to attach to things. But I found a solution that makes the best finder tags available much easier to use.
Latest stories for ZDNET in Security – Read More
Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise
/in General NewsThreat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.
SecurityWeek – Read More
Multiple iHeartRadio stations breached in December
/in General NewsSeveral radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.
The Record from Recorded Future News – Read More
Hacker Conversations: John Kindervag, a Making not Breaking Hacker
/in General NewsJohn Kindervag is best known for developing the Zero Trust Model. He is a hacker, but not within our common definition of a hacker today.
The post Hacker Conversations: John Kindervag, a Making not Breaking Hacker appeared first on SecurityWeek.
SecurityWeek – Read More
New Cloud Vulnerability Data Shows Google Cloud Leads in Risk
/in General NewsNew research shows Google Cloud and smaller providers have the highest cloud vulnerability rates as compared to AWS…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Critical Vulnerability in AI Builder Langflow Under Attack
/in General NewsCISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.
The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Samsung MagicINFO Vulnerability Exploited Days After PoC Publication
/in General NewsThreat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.
SecurityWeek – Read More