BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Chinese APT Mustang Panda Debuts 4 New Attack Tools
/in General NewsThe notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
darkreading – Read More
Attackers and Defenders Lean on AI in Identity Fraud Battle
/in General NewsIdentity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
darkreading – Read More
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools
/in General NewsWith unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise.
The post The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools appeared first on SecurityWeek.
SecurityWeek – Read More
That Google email look real? Don’t click – it might be scam. Here’s how to tell
/in General NewsUntil Google rolls out a fix, you’ll have to be on the lookout for this particularly convincing phishing scam.
Latest stories for ZDNET in Security – Read More
Alleged SmokeLoader malware operator facing federal charges in Vermont
/in General NewsAn alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people.
The Record from Recorded Future News – Read More
ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
/in General NewsIn a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.
Security Latest – Read More
CISA Weighs In on Alleged Oracle Cloud Breach
/in General NewsThe agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
darkreading – Read More
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
/in General NewsCybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024.
“The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,'” Cisco Talos researchers Azim Khodjibaev, Chetan
The Hacker News – Read More
New payment-card scam involves a phone call, some malware and a personal tap
/in General NewsA new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds.
The Record from Recorded Future News – Read More
Think GeoGuessr is fun? Try using ChatGPT to guess locations in your photos
/in General NewsChatGPT can ‘read’ your photos for location clues – even without embedded GPS or EXIF data. Here’s why that could be a problem.
Latest stories for ZDNET in Security – Read More