BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
When Seconds Count: How to Survive Fast-and-Furious DDoS Microbursts
/in General NewsIn the battle against two-minute micro-attacks that can knock out critical communication services, the difference between success and failure can literally come down to seconds.
darkreading – Read More
Developer Convicted for Hacking Former Employer’s Systems
/in General NewsDavis Lu was convicted of sabotaging his employer’s systems through malicious code, and deleting encrypted data.
The post Developer Convicted for Hacking Former Employer’s Systems appeared first on SecurityWeek.
SecurityWeek – Read More
Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links
/in General NewsThe Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024.
“The campaign, which leverages social media to distribute malware, is tied to the region’s current geopolitical climate,” Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.
The Hacker News – Read More
Mass Exploitation of Critical PHP Vulnerability Begins
/in General NewsGreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.
The post Mass Exploitation of Critical PHP Vulnerability Begins appeared first on SecurityWeek.
SecurityWeek – Read More
Google Paid Out $12 Million via Bug Bounty Programs in 2024
/in General NewsIn 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs.
The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
560,000 People Impacted Across Four Healthcare Data Breaches
/in General NewsSeveral healthcare organizations in different US states have disclosed data breaches affecting 100,000-200,000 individuals.
The post 560,000 People Impacted Across Four Healthcare Data Breaches appeared first on SecurityWeek.
SecurityWeek – Read More
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
/in General NewsCyber threats today don’t just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our
The Hacker News – Read More
Most AI voice cloning tools aren’t safe from scammers, Consumer Reports finds
/in General NewsConsumer Reports assessed the most leading voice cloning tools, including Descript and ElevenLabs. Here’s the verdict.
Latest stories for ZDNET in Security – Read More
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
/in General NewsA new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services.
Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware
The Hacker News – Read More
What Happens When Push Notifications Go Malicious?
/in General NewsA Storm of Scams Awaits!
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More